CVE-2018-1000098 — Integer Overflow or Wraparound in Pjsip

CWE-190 — Integer Overflow or Wraparound8 documents5 sources

Severity

7.5HIGHNVD

OSV9.8

EPSS

0.7%

top 27.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pjsip Pjproject Teluu Pjsip Debian Linux

Timeline

PublishedMar 13

Latest updateMar 24

Description

Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDteluu/pjsip2.7.1

▶Ubuntupjsip/pjproject< 2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1+1

Also affects: Debian Linux 9.0

🔴Vulnerability Details

OSV

pjproject vulnerabilities↗2026-03-24

▶

GHSA

GHSA-chm5-gp28-v8xw: Teluu PJSIP version 2↗2022-05-14

▶

OSV

CVE-2018-1000098: Teluu PJSIP version 2↗2018-03-13

▶

📋Vendor Advisories

Ubuntu

PJSIP vulnerabilities↗2026-03-24

▶

💬Community

Bugzilla

CVE-2018-1000098 asterisk: segmentation fault occurs in Asterisk with an invalid SDP media format description [epel-6]↗2018-02-22

▶

Bugzilla

CVE-2018-1000098 asterisk: segmentation fault occurs in Asterisk with an invalid SDP media format description [fedora-all]↗2018-02-22

▶

Bugzilla

CVE-2018-1000098 asterisk: segmentation fault occurs in Asterisk with an invalid SDP media format description↗2018-02-22

▶