DEBIAN-CVE-2021-32686
- Source
- https://security-tracker.debian.org/tracker/DEBIAN-CVE-2021-32686
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-32686.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-32686
- Upstream
- Published
- 2021-07-23T22:15:08Z
- Modified
- 2025-09-19T07:31:36.827931Z
- Summary
- [none]
- Details
-
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service. These are fixed in version 2.11.1.
- References
Affected packages
Debian:11 / asterisk
Package
- Name
- asterisk
- Purl
- pkg:deb/debian/asterisk?arch=source
Debian:11 / ring
Package
- Name
- ring
- Purl
- pkg:deb/debian/ring?arch=source
Debian:12 / ring
Package
- Name
- ring
- Purl
- pkg:deb/debian/ring?arch=source