Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 803611 - [Tracker] PJSIP vulnerability (CVE-2021-32686)
Summary: [Tracker] PJSIP vulnerability (CVE-2021-32686)
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://github.com/pjsip/pjproject/se...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-07-24 02:53 UTC by John Helmert III
Modified: 2021-07-24 03:02 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-24 02:53:16 UTC 
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service. These are fixed in version 2.11.1.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-24 03:02:44 UTC 
Sorry, pjproject isn't bundled in Asterisk so a tracker is unecessary.