CVE-2018-1000099 — Access of Uninitialized Pointer in Pjsip

CWE-824 — Access of Uninitialized Pointer8 documents5 sources

Severity

7.5HIGHNVD

OSV9.8

EPSS

1.0%

top 23.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pjsip Pjproject Teluu Pjsip Debian Linux

Timeline

PublishedMar 13

Latest updateMar 24

Description

Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDteluu/pjsip2.7.1

▶Ubuntupjsip/pjproject< 2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1+1

Also affects: Debian Linux 9.0

Patches

Patch: trac.pjsip.org ↗Patch: trac.pjsip.org ↗

🔴Vulnerability Details

OSV

pjproject vulnerabilities↗2026-03-24

▶

GHSA

GHSA-g2mm-3mxm-q4ww: Teluu PJSIP version 2↗2022-05-13

▶

OSV

CVE-2018-1000099: Teluu PJSIP version 2↗2018-03-13

▶

📋Vendor Advisories

Ubuntu

PJSIP vulnerabilities↗2026-03-24

▶

💬Community

Bugzilla

CVE-2018-1000099 asterisk: segmentation fault occurs in asterisk with an invalid SDP fmtp attribute [epel-6]↗2018-02-22

▶

Bugzilla

CVE-2018-1000099 asterisk: segmentation fault occurs in asterisk with an invalid SDP fmtp attribute [fedora-all]↗2018-02-22

▶

Bugzilla

CVE-2018-1000099 asterisk: segmentation fault occurs in asterisk with an invalid SDP fmtp attribute↗2018-02-22

▶