Browse all 38 CVE security advisories affecting pjsip. AI-powered Chinese analysis, POCs, and references for each vulnerability.
PJSIP is an open-source multimedia communication library primarily utilized for developing Voice over IP (VoIP) applications, including softphones and SIP servers. Its widespread adoption in embedded systems and enterprise telephony solutions has resulted in a significant attack surface, evidenced by thirty-seven recorded Common Vulnerabilities and Exposures. Historically, the codebase has been susceptible to critical flaws such as remote code execution, buffer overflows, and denial-of-service conditions, often stemming from inadequate input validation and memory management errors. While not inherently insecure, its complexity and frequent updates have led to periodic security incidents where attackers exploited parsing vulnerabilities to gain unauthorized access or disrupt services. Developers are advised to prioritize regular patching and rigorous code auditing to mitigate these risks, ensuring the integrity of communication infrastructure that relies on this foundational library for real-time audio and video transmission.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-21722 | Potential out-of-bound read during RTP/RTCP parsing in PJSIP — pjproject CWE-125 | 9.1 | Critical | 2022-01-27 |
| CVE-2021-41141 | Missing release of locks in PJSIP — pjproject CWE-667 | 5.9 | Medium | 2022-01-04 |
| CVE-2021-43845 | Prevent out-of-bounds read in PJSIP — pjproject CWE-125 | 8.2 | High | 2021-12-27 |
| CVE-2021-43804 | Out-of-bounds read when parsing RTCP BYE message in PJSIP — pjproject CWE-125 | 7.3 | High | 2021-12-22 |
| CVE-2021-37706 | Potential integer underflow upon receiving STUN message in PJSIP — pjproject CWE-191 | 7.3 | High | 2021-12-22 |
| CVE-2021-32686 | Denial of Service in PJSIP — pjproject CWE-362 | 5.9 | Medium | 2021-07-23 |
| CVE-2021-21375 | Crash in receiving updated SDP answer after initial SDP negotiation failed — pjproject CWE-400 | 6.5 | Medium | 2021-03-10 |
| CVE-2020-15260 | Existing TLS connections can be reused without checking remote hostname — pjproject CWE-297 | 6.8 | Medium | 2021-03-10 |
This page lists every published CVE security advisory associated with pjsip. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.