Headline
CVE-2021-41141
PJSIP is a free and open source multimedia communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when an error or failure occurs, the function returns without releasing the locks it currently holds. This could result in a system deadlock, which causes a denial of service for users. No release has yet been made which contains the linked fix commit. All versions up to and including 2.11.1 are affected. Users may need to manually apply the patch.
Missing release of locks in failure cases
Package
No package listed
Affected versions
2.11.1 or lower
Patched versions
2.12 or later
Description
In various parts of PJSIP, when an error or failure occurs, the function returns without releasing the locks it currently holds. This could result in a system deadlock, which causes a denial of service for users.
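The bug class described above, shown as an added example that is not PJSIP code and not taken from the fix commit: an error path that returns with a lock held, the single-exit form that releases it, and a regression check that detects the leak. It assumes POSIX `pthread` mutexes in place of PJSIP's own lock API; `struct session` and all function names are hypothetical.

```c
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

/* Hypothetical object guarded by a lock; not a PJSIP type. */
struct session { pthread_mutex_t lock; int state; };

/* Vulnerable shape: the failure branch returns with the lock still held. */
int session_update_leaky(struct session *s, int new_state)
{
    pthread_mutex_lock(&s->lock);
    if (new_state < 0)
        return -1;                      /* BUG: s->lock is never released */
    s->state = new_state;
    pthread_mutex_unlock(&s->lock);
    return 0;
}

/* Fixed shape: success and failure both leave through a single unlock. */
int session_update_fixed(struct session *s, int new_state)
{
    int rc = 0;
    pthread_mutex_lock(&s->lock);
    if (new_state < 0) {
        rc = -1;
        goto on_return;
    }
    s->state = new_state;
on_return:
    pthread_mutex_unlock(&s->lock);
    return rc;
}

/* Regression check: 1 if fn's error path leaves the lock held (trylock -> EBUSY). */
int lock_leaked_on_error(int (*fn)(struct session *, int))
{
    struct session s = { PTHREAD_MUTEX_INITIALIZER, 0 };
    (void)fn(&s, -1);                   /* constructed invalid input */
    int leaked = (pthread_mutex_trylock(&s.lock) == EBUSY);
    pthread_mutex_unlock(&s.lock);      /* held either way at this point */
    pthread_mutex_destroy(&s.lock);
    return leaked;
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", lock_leaked_on_error(session_update_leaky),
           lock_leaked_on_error(session_update_fixed));
    return 0;
}
```

In the leaky form, any later caller that takes the same lock blocks indefinitely, which is the deadlock the advisory describes.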
Impact
It affects all users of PJSIP that use the affected components.
Patches
The patch is available as commit 1aa2c0e in the master branch.
For more information
If you have any questions or comments about this advisory:
Email us at [email protected]
Related news
Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.