Home > Vulnerability Database > CVE-2021-21375

Mend.io Vulnerability Database

CVE-2021-21375

Date: March 10, 2021

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first one causing negotiation failure, a crash will occur. This results in a denial of service.

Language: C

Severity Score

6.5

Related Resources (9)

Url: https://security.gentoo.org/glsa/202107-42

Url: https://lists.debian.org/debian-lts-announce/2021/05/msg00020.html

Url: https://security-tracker.debian.org/tracker/CVE-2021-21375

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-21375

Url: https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365

Url: https://security.alpinelinux.org/vuln/CVE-2021-21375

Url: https://lists.debian.org/debian-lts-announce/2021/04/msg00023.html

Url: https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp

Url: https://www.mend.io/vulnerability-database/CVE-2021-21375

Severity Score

6.5

Weakness Type (CWE)

Improper Check for Unusual or Exceptional Conditions

CWE-754

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-21375

Date: March 10, 2021

Language: C

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?