PJSIP is a free and open source multimedia communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, two issues were found in the SSL socket. First, there is a race condition between callback and destroy, because the accepted socket has no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently with heavy-load TLS connections. They cause a crash, resulting in a denial of service. Both are fixed in version 2.11.1.
[
{
"target": {
"file": "pjsip/src/pjsip/sip_transport_tls.c"
},
"digest": {
"line_hashes": [
"140932697934483218368548560736896499395",
"118590661483100439881986118029494056347",
"109800045936349098506431599877004810196",
"333802378110572779788250324956388043385",
"310772943856257186413723948172502760875",
"224128272733403774379989290698649098009",
"87840771572123257888973564995638004834",
"166626021917886657172592399676869568125",
"15922769180627089096563758044747423717",
"268175221184438253448244792497753672177",
"173676717555089343547707016656090378163",
"232909359693329530515342134654710832186",
"70215257314659436992649169316809525821",
"292474985065362497496770759530232848062"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd",
"deprecated": false,
"id": "CVE-2021-32686-1aa9a2f5",
"signature_type": "Line"
},
{
"target": {
"function": "STATUS_FROM_SSL_ERR2",
"file": "pjlib/src/pj/ssl_sock_ossl.c"
},
"digest": {
"length": 290.0,
"function_hash": "87514367646041548440365361619785642496"
},
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd",
"deprecated": false,
"id": "CVE-2021-32686-237331bf",
"signature_type": "Function"
},
{
"target": {
"file": "pjlib/src/pj/ssl_sock_imp_common.c"
},
"digest": {
"line_hashes": [
"18252950319280553483693426543786069228",
"256153771325731284703475544556925510496",
"28486398454948085019570118855059266539",
"84840687520626321206914727722195549037",
"24836787113382272882907220424600101644",
"217111788868000804568133233564489494216",
"180869881365623036533541556012049076486",
"100957989714258852309499275004142253360",
"203914491246382701039621339163175888000",
"304643517560155641292436211964102968802",
"254228794417405585502066802935062719036",
"237828750106208046394273232701521529733",
"306482421379105951389654994411652380881",
"38337768613726704043049742858601931390",
"117273955101896224412459947005131553248",
"251626697215728309364595781607341627422",
"236605522888418655452087889319971386506",
"3851736057392301750479759484641405530",
"325217257736097031867989703400966702147",
"262353775495221249254254858885862948541",
"174673647313145062211616049598516705050",
"7357639501596112706271712226964423753",
"279969968078905623100449081842446195327",
"156313267238760125248264234393415477193",
"315471734780592212280720162779133422703",
"219290064587887231943833916571640758316",
"277803332607429245718885211417402477712",
"5639728921897134070608683347798461870",
"59135043390636686412825798145536846402",
"62124200933345346044759977741565002179",
"75584437666550575501988602491338171400",
"272196274323430729052027437913071668867",
"172068513464892241047748889651970411511",
"272441399677960375624278177410691244135",
"319577583944447292638338674278287066654",
"283406732253606001914807607105002970376",
"121092600099609383125088494024538418415",
"160705281603272404312536191299510214478",
"154320342516792117629548055046429530888",
"114500982600112485648424173709550466412",
"199572938868676814216649253392299794109",
"4966998505740530539198435380374746241",
"331664288600580205957260817382836647698",
"306895746142300728568183355902479602117",
"29805631871916423103768326481700751818",
"87645864256688628123043392178974939878",
"263975314570549813388067573002904093698",
"38719870199303516225886312090987275943",
"314571086539046102525891119809930449151",
"159141051647402120743397424694144958745",
"12933776171169815247211762777838323361",
"57923972364010941699845409000464867579"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd",
"deprecated": false,
"id": "CVE-2021-32686-386203b9",
"signature_type": "Line"
},
{
"target": {
"function": "on_handshake_complete",
"file": "pjlib/src/pj/ssl_sock_imp_common.c"
},
"digest": {
"length": 2345.0,
"function_hash": "179740838800637229524325446287628465579"
},
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd",
"deprecated": false,
"id": "CVE-2021-32686-3b275c74",
"signature_type": "Function"
},
{
"target": {
"function": "verify_cb",
"file": "pjlib/src/pj/ssl_sock_ossl.c"
},
"digest": {
"length": 2246.0,
"function_hash": "326040681455073002144112236576574798008"
},
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd",
"deprecated": false,
"id": "CVE-2021-32686-513505df",
"signature_type": "Function"
},
{
"target": {
"function": "ssl_reset_sock_state",
"file": "pjlib/src/pj/ssl_sock_ossl.c"
},
"digest": {
"length": 408.0,
"function_hash": "101081476854559734136837778994810640389"
},
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd",
"deprecated": false,
"id": "CVE-2021-32686-95e73672",
"signature_type": "Function"
},
{
"target": {
"function": "init_openssl",
"file": "pjlib/src/pj/ssl_sock_ossl.c"
},
"digest": {
"length": 3518.0,
"function_hash": "8118482381805178818440912739540646437"
},
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd",
"deprecated": false,
"id": "CVE-2021-32686-abcb1931",
"signature_type": "Function"
},
{
"target": {
"function": "on_accept_complete2",
"file": "pjsip/src/pjsip/sip_transport_tls.c"
},
"digest": {
"length": 3519.0,
"function_hash": "150581142830466230818483646195129574731"
},
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd",
"deprecated": false,
"id": "CVE-2021-32686-cd9b57f2",
"signature_type": "Function"
},
{
"target": {
"function": "STATUS_FROM_SSL_ERR",
"file": "pjlib/src/pj/ssl_sock_ossl.c"
},
"digest": {
"length": 342.0,
"function_hash": "176161265189050759411748644744173437102"
},
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd",
"deprecated": false,
"id": "CVE-2021-32686-d043f823",
"signature_type": "Function"
},
{
"target": {
"file": "pjlib/src/pj/ssl_sock_ossl.c"
},
"digest": {
"line_hashes": [
"25870702981557702235359331534215036970",
"309879689108578018218600488602378821167",
"146318512107363663084084490694742277684",
"69182912726792548931281277459969331861",
"61813401780235946129477015088634335669",
"106856037958905225291139125948789309385",
"197619587360347980179603603530176458722",
"206019698915043572329565126913467165032",
"246314733113036202193561305329115158402",
"172748650871032629074435546627187938860",
"111979224532016398074859783752085040350",
"340214681985562815657174550837153639554",
"330866281398208881725287478605603358477",
"17143535986612679290498488646883922363",
"267807988783754689508371848145793285966",
"212854445774302055770536868340283611381",
"20136210091535369246719317876818416132",
"129496760434160379688840739903218862258",
"7967649791488245362014458996479986105",
"239141375550738482796984201611814997533",
"327362171311462519796381692660780236939",
"65861046223795567217604318846155610832",
"148956728744442382569928090772968436991",
"275182202617081722369416464247000629043",
"79461307439311330044033431554730319396",
"265225240964249267630706855774474903002",
"120252274198565432340617642159866616511",
"124657231027435183893810091054616546787",
"84996005204443456924111993027866798265",
"101670615829519301801938780930956882239",
"215851121867905594279709487323788666173",
"293903292578179444508830622583223106483"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd",
"deprecated": false,
"id": "CVE-2021-32686-fcfadffc",
"signature_type": "Line"
},
{
"target": {
"function": "ssock_on_accept_complete",
"file": "pjlib/src/pj/ssl_sock_imp_common.c"
},
"digest": {
"length": 3979.0,
"function_hash": "84787294693304893400992381060548000027"
},
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd",
"deprecated": false,
"id": "CVE-2021-32686-ffde2f3b",
"signature_type": "Function"
}
]