Headline
CVE-2021-41141
PJSIP is a free and open source multimedia communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when an error or failure occurs, the function returns without releasing the locks it currently holds. This could result in a system deadlock, which causes a denial of service for users. No release has yet been made which contains the linked fix commit. All versions up to and including 2.11.1 are affected. Users may need to manually apply the patch.
Missing release of locks in failure cases
Package
No package listed
Affected versions
2.11.1 or lower
Description
In various parts of PJSIP, when an error or failure occurs, the function returns without releasing the locks it currently holds. This could result in a system deadlock, which causes a denial of service for users.
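The bug class described above, shown as an added example that is not PJSIP code and not the content of the fix commit: a function that returns on its error path with the lock still held, beside a single-exit version that always unlocks. The `demo_*` names, the C11 `atomic_flag` stand-in lock and the `goto on_return` cleanup style are all assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for a library mutex; not PJSIP's own lock API. */
typedef struct { atomic_flag held; } demo_lock;
typedef struct { demo_lock lock; int state; } demo_session;
enum { DEMO_OK = 0, DEMO_EINVAL = -1, DEMO_EBUSY = -2 };

/* Try-acquire is used so a leaked lock is reported instead of hanging. */
static bool demo_trylock(demo_lock *l) { return !atomic_flag_test_and_set(&l->held); }
static void demo_unlock(demo_lock *l)  { atomic_flag_clear(&l->held); }

/* Defective pattern: the failure branch returns with the lock still held. */
int update_leaky(demo_session *s, int value)
{
    if (!demo_trylock(&s->lock)) return DEMO_EBUSY;
    if (value < 0)
        return DEMO_EINVAL;          /* early return skips demo_unlock() */
    s->state = value;
    demo_unlock(&s->lock);
    return DEMO_OK;
}

/* Corrected pattern: every path after acquisition leaves through one unlock. */
int update_fixed(demo_session *s, int value)
{
    int status = DEMO_OK;
    if (!demo_trylock(&s->lock)) return DEMO_EBUSY;
    if (value < 0) { status = DEMO_EINVAL; goto on_return; }
    s->state = value;
on_return:
    demo_unlock(&s->lock);
    return status;
}

/* Returns 1 if a failed call leaves the lock held, so the next caller is shut out. */
int lock_leaked_after_failure(int (*update)(demo_session *, int))
{
    demo_session s = { .lock = { ATOMIC_FLAG_INIT }, .state = 0 };
    (void)update(&s, -1);                 /* drive the error path */
    return update(&s, 7) == DEMO_EBUSY;   /* a blocking lock would deadlock here */
}

int main(void)
{
    printf("leaky: %d, fixed: %d\n", lock_leaked_after_failure(update_leaky),
           lock_leaked_after_failure(update_fixed));
    return 0;
}
```

When reviewing a locally patched tree, the same check applies to each function that takes a lock: every `return` between acquisition and release needs a matching unlock.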
Impact
It affects all users of PJSIP that use the affected components.
Patches
The patch is available as commit 1aa2c0e in the master branch.
For more information
If you have any questions or comments about this advisory:
Email us at [email protected]