CVE-2021-32686

Published: Jul 23, 2021Modified: Nov 4, 2025

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service. These are fixed in version 2.11.1.

Affected (3)

Products: Teluu: Pjsip · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Teluu Pjsip	Before 2.11.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0
Debian Debian Linux	Version 9.0

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (15)

https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/pjsip/pjproject/pull/2716

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/pjsip/pjproject/releases/tag/2.11.1

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr

Source: security-advisories@github.com

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html

Source: security-advisories@github.com

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202210-37

Source: security-advisories@github.com

Third Party Advisory

https://www.debian.org/security/2021/dsa-4999

Source: security-advisories@github.com

Third Party Advisory

https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/pjsip/pjproject/pull/2716

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/pjsip/pjproject/releases/tag/2.11.1

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202210-37

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2021/dsa-4999

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.