CVE-2018-1000099

Опубликовано: 13 мар. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.

Ссылки

https://trac.pjsip.org/repos/milestone/release-2.7.2
Vendor Advisory
https://trac.pjsip.org/repos/ticket/2092
Vendor Advisory
https://trac.pjsip.org/repos/ticket/2094
Patch
Vendor Advisory
https://www.debian.org/security/2018/dsa-4170
Third Party Advisory
https://trac.pjsip.org/repos/milestone/release-2.7.2
Vendor Advisory
https://trac.pjsip.org/repos/ticket/2092
Vendor Advisory
https://trac.pjsip.org/repos/ticket/2094
Patch
Vendor Advisory
https://www.debian.org/security/2018/dsa-4170
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*

Версия до 2.7.1 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.0097

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-824

Связанные уязвимости

CVE-2018-1000099

CVSS3: 7.5

ubuntu

почти 8 лет назад

CVE-2018-1000099

CVSS3: 7.5

debian

почти 8 лет назад

Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninit ...

GHSA-g2mm-3mxm-q4ww

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 76%

0.0097

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-824