CVE-2017-16872

An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will lead to a potential exploit using carefully crafted invalid values.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

02 Sep 2021, 14:49

Type Values Removed Values Added
CPE cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*:* cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*

Information

Published : 2017-11-17 09:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-16872

Mitre link : CVE-2017-16872

CVE.ORG link : CVE-2017-16872


JSON object : View

Products Affected

teluu

  • pjsip

debian

  • debian_linux
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer