Candidate: CVE-2021-41141
PublicDate: 2022-01-04 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41141
 https://github.com/pjsip/pjproject/security/advisories/GHSA-8fmx-hqw7-6gmc
 https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196
Description:
 PJSIP is a free and open source multimedia communication library written in
 the C language implementing standard based protocols such as SIP, SDP, RTP,
 STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs,
 it is found that the function returns without releasing the currently held
 locks. This could result in a system deadlock, which cause a denial of
 service for the users. No release has yet been made which contains the
 linked fix commit. All versions up to an including 2.11.1 are affected.
 Users may need to manually apply the patch.
Ubuntu-Description:
Notes:
 amurray| ring contains an embedded copy of pjsip
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_ring:
upstream_ring: needs-triage
trusty_ring: ignored (out of standard support)
xenial_ring: ignored (out of standard support)
bionic_ring: needs-triage
focal_ring: needs-triage
hirsute_ring: ignored (reached end-of-life)
impish_ring: needs-triage
jammy_ring: DNE
devel_ring: DNE