Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2021-41141

Date: January 4, 2022

PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently held locks. This could result in a system deadlock, which cause a denial of service for the users. No release has yet been made which contains the linked fix commit. All versions up to an including 2.11.1 are affected. Users may need to manually apply the patch.

Language: C

Severity Score

Related Resources (9)

https://github.com/pjsip/pjproject/security/advisories/GHSA-8fmx-hqw7-6gmc
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2021-41141
https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196
https://nvd.nist.gov/vuln/detail/CVE-2021-41141
https://security.alpinelinux.org/vuln/CVE-2021-41141
https://security.gentoo.org/glsa/202210-37
https://security-tracker.debian.org/tracker/CVE-2021-41141
https://www.mend.io/vulnerability-database/CVE-2021-41141

Severity Score

Weakness Type (CWE)

Improper Locking

CWE-667

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us