| Errata ID | 389 |
|---|---|
| Date | 2018-05-08 |
| Source package | pjproject |
| Fixed in version | 2.1.0.0.ast20130823-1+deb8u1 |
| Description | This update addresses the following issues: * PJSIP allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter. (CVE-2017-9372) * The multi-part body parser in PJSIP allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. (CVE-2017-9359) |
| Additional notes | |
| CVE ID | CVE-2017-9372 CVE-2017-9359 |
| UCS Bug number | #45234 |
