CVE-2021-21375
published 2021-03-10CVE-2021-21375: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN…
PriorityP430medium6.5CVSS 3.1
AVNACLPRNUIRSUCNINAH
EPSS
2.09%
79.3th percentile
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first one causing negotiation failure, a crash will occur. This results in a denial of service.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | ring | < ring 20210112.2.b757bac~ds1-1 (bookworm) | ring 20210112.2.b757bac~ds1-1 (bookworm) |
| pjsip | pjproject | <= 2.10 | — |
| pjsip | pjproject | >= 0 < 2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1 | 2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1 |
| pjsip | pjproject | >= 0 < 2.7.2~dfsg-1ubuntu0.1~esm1 | 2.7.2~dfsg-1ubuntu0.1~esm1 |
| teluu | pjsip | <= 2.10 | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian6.5MEDIUM
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
pjproject vulnerabilities
osv·2026-03-24·CVSS 9.8
CVE-2017-16872 [CRITICAL] pjproject vulnerabilities
pjproject vulnerabilities
Youngsung Kim discovered that PJSIP did not properly parse numeric header
fields in SIP messages. A remote attacker could use this issue to cause
PJSIP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-16872)
Peter Koletzki discovered that PJSIP did not properly handle certain
connection requests. A remote attacker could possibly use this issue to
cause PJSIP to enter an unrecoverable state and reject further connections,
resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS. (CVE-2017-16875)
Alfred Farrugia, Sandro Gauci, and Kevin Harwell discovered that PJSIP did
not properly parse certain SDP messages. A remote attacker could possibly
use this issue to c
OSV
CVE-2021-21375: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, ST
osv·2021-03-10·CVSS 6.5
CVE-2021-21375 [MEDIUM] CVE-2021-21375: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, ST
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first one causing negotiation failure, a crash will occur. This results in a denial of service.
Ubuntu
PJSIP vulnerabilities
vendor_ubuntu·2026-03-24·CVSS 9.8
CVE-2020-15260 [CRITICAL] PJSIP vulnerabilities
Title: PJSIP vulnerabilities
Summary: Several security issues were fixed in PJSIP.
Youngsung Kim discovered that PJSIP did not properly parse numeric header
fields in SIP messages. A remote attacker could use this issue to cause
PJSIP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-16872)
Peter Koletzki discovered that PJSIP did not properly handle certain
connection requests. A remote attacker could possibly use this issue to
cause PJSIP to enter an unrecoverable state and reject further connections,
resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS. (CVE-2017-16875)
Alfred Farrugia, Sandro Gauci, and Kevin Harwell discovered that PJSIP did
not properly parse certain SDP mess
Debian
CVE-2021-21375: ring - PJSIP is a free and open source multimedia communication library written in C la...
vendor_debian·2021·CVSS 6.5
CVE-2021-21375 [MEDIUM] CVE-2021-21375: ring - PJSIP is a free and open source multimedia communication library written in C la...
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first one causing negotiation failure, a crash will occur. This results in a denial of service.
Scope: local
bookworm: resolved (fixed in 20210112.2.b757bac~ds1-1)
bullseye: resolved (fixed in 20210112.2.b757bac~ds1-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvphttps://lists.debian.org/debian-lts-announce/2021/04/msg00023.htmlhttps://lists.debian.org/debian-lts-announce/2021/05/msg00020.htmlhttps://security.gentoo.org/glsa/202107-42https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvphttps://lists.debian.org/debian-lts-announce/2021/04/msg00023.htmlhttps://lists.debian.org/debian-lts-announce/2021/05/msg00020.htmlhttps://security.gentoo.org/glsa/202107-42
2021-03-10
Published