Teluu Pjsip vulnerabilities
32 known vulnerabilities affecting teluu/pjsip.
Total CVEs: 32
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 18, HIGH 10, MEDIUM 4
Vulnerabilities
Page 1 of 2
CVE-2021-37706 | P2 | CRITICAL | CVSS 9.8 | CWE-191 | ≤ 2.11.1 | 2021-12-22
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting
nvd
CVE-2022-31031 | P2 | CRITICAL | CVSS 9.8 | CWE-120 | ≤ 2.12.1 | 2022-06-09
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their ac
nvd
CVE-2021-43300 | P3 | CRITICAL | CVSS 9.8 | CWE-121 | ≤ 2.11.1; ≥ unspecified, ≤ 2.11.1 | 2022-02-16
Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
nvd
CVE-2021-43299 | P3 | CRITICAL | CVSS 9.8 | CWE-121 | ≤ 2.11.1; ≥ unspecified, ≤ 2.11.1 | 2022-02-16
Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
nvd
CVE-2021-43301 | P3 | CRITICAL | CVSS 9.8 | CWE-121 | ≤ 2.11.1; ≥ unspecified, ≤ 2.11.1 | 2022-02-16
Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
nvd
CVE-2022-21723 | P3 | CRITICAL | CVSS 9.1 | CWE-125 | ≤ 2.11.1 | 2022-01-27
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users
nvd
CVE-2022-24754 | P3 | CRITICAL | CVSS 9.8 | CWE-120 | ≤ 2.12 | 2022-03-11
PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master bran
nvd
CVE-2022-21722 | P3 | CRITICAL | CVSS 9.1 | CWE-125 | ≤ 2.11.1 | 2022-01-27
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects a
nvd
CVE-2022-23608 | P3 | CRITICAL | CVSS 9.8 | CWE-416 | ≤ 2.11.1 | 2022-02-22
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dia
nvd
CVE-2021-43303 | P3 | CRITICAL | CVSS 9.8 | CWE-120 | ≤ 2.11.1; ≥ unspecified, ≤ 2.11.1 | 2022-02-16
Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied
nvd
CVE-2021-43845 | P3 | CRITICAL | CVSS 9.1 | CWE-125 | ≤ 2.11.1 | 2021-12-27
PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR mes
nvd
CVE-2023-38703 | P3 | CRITICAL | CVSS 9.8 | CWE-416 | ≤ 2.13.1 | 2023-10-06
PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may i
nvd
CVE-2022-39269 | P3 | CRITICAL | CVSS 9.1 | CWE-319 | ≥ 2.11, < 2.13 | 2022-10-06
PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a
nvd
CVE-2026-34235 | P3 | CRITICAL | CVSS 9.1 | CWE-125 | fixed in 2.17 | 2026-03-31
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure (SS) data. Insufficient bounds checking on the payload descriptor length may cause reads beyond the allocated
nvd
CVE-2022-23537 | P3 | CRITICAL | CVSS 9.8 | CWE-122 | fixed in 2.13.1 | 2022-12-20
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LI
nvd
CVE-2017-16872 | P3 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 2.7.1 | 2017-11-17
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will lead t
nvd
CVE-2026-41415 | P3 | CRITICAL | CVSS 9.1 | CWE-125 | fixed in 2.17 | 2026-04-24
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer bounds. This vulnerability is fixed in 2.17.
nvd
CVE-2021-43804 | P3 | HIGH | CVSS 7.3 | CWE-125 | ≤ 2.11.1 | 2021-12-22
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packet size, potentially resulting in a
nvd
CVE-2021-43302 | P3 | CRITICAL | CVSS 9.1 | CWE-125 | ≤ 2.11.1; ≥ unspecified, ≤ 2.11.1 | 2022-02-16
Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters.
nvd
CVE-2023-27585 | P3 | HIGH | CVSS 7.5 | fixed in 2.13 | 2023-03-14
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the que
nvd