Vulnerabilities > CVE-2018-1000099 - Access of Uninitialized Pointer vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

teluu

debian

CWE-824

nessus

NVD

Published: 2018-03-13

Updated: 2020-08-24

Summary

Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.

Vulnerable Configurations

Part	Description	Count
Application	Teluu Teluu Pjsip 0.5.0.1 Teluu Pjsip 0.5.2 Teluu Pjsip 0.5.3 Teluu Pjsip 0.5.4 Teluu Pjsip 0.5.5.1 Teluu Pjsip 0.5.6 Teluu Pjsip 0.5.6.1 Teluu Pjsip 0.5.7 Teluu Pjsip 0.5.8 Teluu Pjsip 0.5.9 Teluu Pjsip 0.5.10 Teluu Pjsip 0.5.10.1 Teluu Pjsip 0.5.10.2 Teluu Pjsip 0.5.10.3 Teluu Pjsip 0.5.10.4 Teluu Pjsip 0.7.0 Teluu Pjsip 0.8.0 Teluu Pjsip 0.9.0 Teluu Pjsip 1.0 Teluu Pjsip 1.0.1 Teluu Pjsip 1.0.2 Teluu Pjsip 1.0.3 Teluu Pjsip 1.1 Teluu Pjsip 1.2 Teluu Pjsip 1.3 Teluu Pjsip 1.4 Teluu Pjsip 1.4.5 Teluu Pjsip 1.5 Teluu Pjsip 1.5.5 Teluu Pjsip 1.6 Teluu Pjsip 1.7 Teluu Pjsip 1.8 Teluu Pjsip 1.8.5 Teluu Pjsip 1.8.10 Teluu Pjsip 1.10 Teluu Pjsip 1.12 Teluu Pjsip 1.14 Teluu Pjsip 1.14.2 Teluu Pjsip 1.16 Teluu Pjsip 2.0 Teluu Pjsip 2.0.1 Teluu Pjsip 2.1 Teluu Pjsip 2.2 Teluu Pjsip 2.2.1 Teluu Pjsip 2.3 Teluu Pjsip 2.4 Teluu Pjsip 2.4.5 Teluu Pjsip 2.5 Teluu Pjsip 2.5.1 Teluu Pjsip 2.5.5 Teluu Pjsip 2.6 Teluu Pjsip 2.7 Teluu Pjsip 2.7.1	62
OS	Debian Debian Debian Linux 9.0	1

Common Weakness Enumeration (CWE)

CWE-824 - Access of Uninitialized Pointer

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-4170.NASL
description	Multiple vulnerabilities have been discovered in the PJSIP/PJProject multimedia communication which may result in denial of service during the processing of SIP and SDP messages and ioqueue keys.
last seen	2020-06-01
modified	2020-06-02
plugin id	108906
published	2018-04-10
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108906
title	Debian DSA-4170-1 : pjproject - security update

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References