Vulnerabilities > CVE-2018-1000099 - Access of Uninitialized Pointer vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-4170.NASL |
description | Multiple vulnerabilities have been discovered in the PJSIP/PJProject multimedia communication which may result in denial of service during the processing of SIP and SDP messages and ioqueue keys. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 108906 |
published | 2018-04-10 |
reporter | This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/108906 |
title | Debian DSA-4170-1 : pjproject - security update |
References
- https://trac.pjsip.org/repos/milestone/release-2.7.2
- https://trac.pjsip.org/repos/milestone/release-2.7.2
- https://trac.pjsip.org/repos/ticket/2092
- https://trac.pjsip.org/repos/ticket/2092
- https://trac.pjsip.org/repos/ticket/2094
- https://trac.pjsip.org/repos/ticket/2094
- https://www.debian.org/security/2018/dsa-4170
- https://www.debian.org/security/2018/dsa-4170