Candidate: CVE-2017-16875
PublicDate: 2017-11-17 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16875
 https://trac.pjsip.org/repos/ticket/2055
 https://trac.pjsip.org/repos/changeset/5680
 https://trac.pjsip.org/repos/milestone/release-2.7.1
Description:
 An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP
 before 2.7.1. The ioqueue component may issue a double key unregistration
 after an attacker initiates a socket connection with specific settings and
 sequences. Such double key unregistration will trigger an integer overflow,
 which may cause ioqueue backends to reject future key registrations.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_pjproject:
upstream_pjproject: released (2.7.1~dfsg-1)
precise/esm_pjproject: DNE
trusty_pjproject: ignored (reached end-of-life)
trusty/esm_pjproject: DNE (trusty was needed)
xenial_pjproject: ignored (end of standard support, was needed)
zesty_pjproject: ignored (reached end-of-life)
artful_pjproject: ignored (reached end-of-life)
bionic_pjproject: not-affected (2.7.2~dfsg-1)
cosmic_pjproject: not-affected (2.7.2~dfsg-1)
disco_pjproject: not-affected (2.7.2~dfsg-1)
eoan_pjproject: not-affected (2.7.2~dfsg-1)
focal_pjproject: DNE
groovy_pjproject: DNE
hirsute_pjproject: DNE
impish_pjproject: DNE
jammy_pjproject: DNE
devel_pjproject: DNE