CVE-2017-16875

Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.7.1

Description An issue was discovered in the ioqueue component of Teluu pjproject (pjlib and pjlib-util) in PJSIP. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. This double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations.

Recommendations For versions prior to 2.7.1, update to version 2.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ioqueue component to minimize the risk of exploitation. Avoid using the ioqueue component with specific settings and sequences that may trigger the double key unregistration until the issue is resolved.