An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations.
{ "binaries": [ { "binary_name": "libpj2", "binary_version": "2.1.0.0.ast20130823-1+deb8u1build0.16.04.1" }, { "binary_name": "libpjlib-util2", "binary_version": "2.1.0.0.ast20130823-1+deb8u1build0.16.04.1" }, { "binary_name": "libpjmedia-audiodev2", "binary_version": "2.1.0.0.ast20130823-1+deb8u1build0.16.04.1" }, { "binary_name": "libpjmedia-codec2", "binary_version": "2.1.0.0.ast20130823-1+deb8u1build0.16.04.1" }, { "binary_name": "libpjmedia-videodev2", "binary_version": "2.1.0.0.ast20130823-1+deb8u1build0.16.04.1" }, { "binary_name": "libpjmedia2", "binary_version": "2.1.0.0.ast20130823-1+deb8u1build0.16.04.1" }, { "binary_name": "libpjnath2", "binary_version": "2.1.0.0.ast20130823-1+deb8u1build0.16.04.1" }, { "binary_name": "libpjproject-dev", "binary_version": "2.1.0.0.ast20130823-1+deb8u1build0.16.04.1" }, { "binary_name": "libpjsip-simple2", "binary_version": "2.1.0.0.ast20130823-1+deb8u1build0.16.04.1" }, { "binary_name": "libpjsip-ua2", "binary_version": "2.1.0.0.ast20130823-1+deb8u1build0.16.04.1" }, { "binary_name": "libpjsip2", "binary_version": "2.1.0.0.ast20130823-1+deb8u1build0.16.04.1" }, { "binary_name": "libpjsua2", "binary_version": "2.1.0.0.ast20130823-1+deb8u1build0.16.04.1" } ] }