CVE-2021-21375
ring - security update
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 1.1%
Description
PJSIP is a free and open source multimedia communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first one causing negotiation failure, a crash will occur. This results in a denial of service.
How to fix CVE-2021-21375
To remediate CVE-2021-21375, upgrade the affected package to a fixed version below.
- upgrade to 2.11-r0 or later
- upgrade to 2.5.5~dfsg-6+deb9u2 or later
- upgrade to 20210112.2.b757bac~ds1-1 or later
- upgrade to 20161221.2.7bd7d91~dfsg1-1+deb9u1 or later
Is CVE-2021-21375 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 2.11-r0
- from 0, < 2.5.5~dfsg-6+deb9u2
- from 0, < 20210112.2.b757bac~ds1-1
- from 0, < 20161221.2.7bd7d91~dfsg1-1+deb9u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |