CVE-2021-41141: Improper Locking in Pjproject

CWE-667: Improper Locking (3 documents, 3 sources)

Severity: 7.5 HIGH (NVD)
EPSS: 1.6% (top 18.11%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jan 4
Latest update: Feb 27

Description

PJSIP is a free and open source multimedia communication library written in the C language implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when an error or failure occurs, the function returns without releasing the currently held locks. This could result in a system deadlock, which causes a denial of service for users. No release has yet been made which contains the linked fix commit. All versions up to and including 2.11.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Alpine: pjsip/pjproject < 2.12-r0 (+7)
NVD: teluu/pjsip 2.11.1
CVEListV5: pjsip/pjproject 2.11.1

Also affects: Debian Linux 9.0

🔴 Vulnerability Details (1)

OSV (2022-01-04): CVE-2021-41141: PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP

💬 Community (1)

Bugzilla (2023-02-27): CVE-2021-41141 CVE-2021-43845 CVE-2022-24754 CVE-2022-24763 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 asterisk: pjsip: Multiple vulnerabilities [epel-all]
CVE-2021-41141 — Improper Locking in Pjsip Pjproject | cvebase