
Use after free of dialog set

High
sauwming published GHSA-ffff-m5fm-qm62 Feb 20, 2022

Package

No package listed

Affected versions

2.11.1 or below

Patched versions

2.12 or later

Description

In a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can be freed prematurely when one of the dialogs is destroyed. The dialog set may then be registered in the hash table multiple times (with different hash keys), leading to undefined behavior such as dialog list collision, which eventually leads to an endless loop.
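
The lifetime problem described above, reduced to a small C model. This is an added example, not PJSIP code and not the project's patch: the struct names, the tags and the `own_key` switch are constructed for illustration, and giving the set its own copy of the key is an assumed way to decouple the lifetimes, not a description of commit db32359.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model of a forked-call dialog set, constructed for this example;
 * not PJSIP's data structures. Allocation failures are not handled. */
struct dlg_set { const char *key; char *owned; int ndlg; };
struct dialog  { char *tag; struct dlg_set *set; };

static char *dup_str(const char *s) {
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}

/* own_key = 0: the set borrows the first dialog's tag as its hash key.
 * own_key = 1: the set keeps a private copy with its own lifetime. */
static void set_init(struct dlg_set *s, const struct dialog *first, int own_key) {
    s->owned = own_key ? dup_str(first->tag) : NULL;
    s->key   = own_key ? s->owned : first->tag;
    s->ndlg  = 0;
}

static void dialog_join(struct dialog *d, struct dlg_set *s) { d->set = s; s->ndlg++; }

/* Destroys one dialog. Returns 0 if the set key lost its backing memory
 * while other dialogs still rely on it, 1 otherwise. */
static int dialog_destroy(struct dialog *d) {
    struct dlg_set *s = d->set;
    int borrowed = (s->key == d->tag);  /* compared before the free */
    free(d->tag);
    d->tag = NULL;
    if (--s->ndlg == 0) {               /* last member: release the set */
        free(s->owned);
        s->key = s->owned = NULL;
        return 1;
    }
    if (borrowed) s->key = NULL;        /* mark the dangling key, never read it */
    return !borrowed;
}

/* Two forked dialogs share one set and the dialog that supplied the key
 * is destroyed first. Returns 1 if the survivor still has a usable key. */
int fork_scenario(int own_key) {
    struct dialog a = { dup_str("tag-A"), NULL }, b = { dup_str("tag-B"), NULL };
    struct dlg_set s;
    set_init(&s, &a, own_key);
    dialog_join(&a, &s);
    dialog_join(&b, &s);
    int ok = dialog_destroy(&a) && s.key && strcmp(s.key, "tag-A") == 0;
    dialog_destroy(&b);
    return ok;
}
```

With the borrowed key, the surviving dialog is left with a set whose key no longer exists, which is the state in which a later registration can add the same set under a different key.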

Impact

It is a use-after-free vulnerability and affects all PJSIP users.

Patches

The patch is available as commit db32359 in the master branch.

For more information

If you have any questions or comments about this advisory:
Email us at security@pjsip.org

Severity

High

CVE ID

CVE-2022-23608

Weaknesses

No CWEs
