Total vulnerabilities in the database
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.
| Software | From | Fixed in |
|---|---|---|
| teluu / pjsip | - | 2.11.1.x |
| asterisk / certified_asterisk | 16.8.0-cert12 | 16.8.0-cert12.x |
| asterisk / certified_asterisk | 16.8.0-cert11 | 16.8.0-cert11.x |
| asterisk / certified_asterisk | 16.8.0-cert10 | 16.8.0-cert10.x |
| asterisk / certified_asterisk | 16.8.0-cert9 | 16.8.0-cert9.x |
| asterisk / certified_asterisk | 16.8.0-cert8 | 16.8.0-cert8.x |
| asterisk / certified_asterisk | 16.8.0-cert7 | 16.8.0-cert7.x |
| asterisk / certified_asterisk | 16.8.0-cert6 | 16.8.0-cert6.x |
| asterisk / certified_asterisk | 16.8.0-cert5 | 16.8.0-cert5.x |
| asterisk / certified_asterisk | 16.8.0-cert4 | 16.8.0-cert4.x |
| asterisk / certified_asterisk | 16.8.0-cert3 | 16.8.0-cert3.x |
| asterisk / certified_asterisk | 16.8.0-cert2 | 16.8.0-cert2.x |
| asterisk / certified_asterisk | 16.8.0-cert1 | 16.8.0-cert1.x |
| asterisk / certified_asterisk | - | 16.8.0 |
| sangoma / asterisk | 16.0.0 | 16.24.1 |
| sangoma / asterisk | 19.0.0 | 19.2.1 |
| sangoma / asterisk | 18.0.0 | 18.10.1 |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |