CVE-2017-16872

Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.7.1

Description An issue was discovered in the parsing of numeric header fields in a SIP message, such as cseq, ttl, and port. This could lead to a buffer overflow, causing unintended values to be captured or a buffer overrun if the values are converted back to strings. A potential exploit could utilize carefully crafted invalid values.

Recommendations For versions prior to 2.7.1, update to version 2.7.1 or later to resolve the issue. As a temporary workaround, consider restricting the parsing of numeric header fields in SIP messages to minimize the risk of exploitation. Avoid using the affected pjlib and pjlib-util components in Teluu pjproject until the issue is resolved.