CVE-2017-16875: Integer Overflow
First published: Fri Nov 17 2017(Updated: )
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/pjproject | ||
| Teluu PJSIP | <2.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2017-16875.
What is the severity of CVE-2017-16875?
The severity of CVE-2017-16875 is high with a severity value of 7.5.
What is the affected software for CVE-2017-16875?
The affected software for CVE-2017-16875 is Teluu pjproject.
How does the vulnerability in CVE-2017-16875 work?
The vulnerability in CVE-2017-16875 allows an attacker to trigger an integer overflow by initiating a socket connection with specific settings and sequences, resulting in a double key unregistration in the ioqueue component.
Are there any known fixes or remedies for CVE-2017-16875?
There are currently no known fixes or remedies for CVE-2017-16875. It is recommended to update to PJSIP version 2.7.1 or newer.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/security-tracker-debian
- vendor/teluu
- canonical/teluu pjsip
- package-manager/debian