CVE-2021-21375
Published: 10 March 2021
Summary
CVE-2021-21375 is a medium-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Teluu Pjsip. Its CVSS base score is 6.5 (Medium).
Operationally, ranked in the top 21.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-8685
Vulnerability details
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent,…
more
when two 183 responses are received, with the first one causing negotiation failure, a crash will occur. This results in a denial of service.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Resource consumption and denial-of-service testing performed under the assessment plan detects uncontrolled allocation paths that are subsequently fixed.
MTTF monitoring plus ready substitutes directly mitigate sustained resource exhaustion by allowing component swap before or at failure.
Limiting concurrent sessions directly prevents uncontrolled resource consumption by capping the number of active sessions per user or account.
Requires detection and response to audit logging failures as an unusual or exceptional condition.
Analysis identifies uncontrolled resource consumption indicative of denial-of-service or abuse attempts.
Implements detection of unusual or exceptional conditions followed by safe mode entry, reducing the window for exploitation of unchecked conditions.
Training ensures users perform required checks for unusual or exceptional conditions as part of contingency roles, limiting attacker leverage from skipped validations.
Contingency plan testing includes resource exhaustion scenarios to verify recovery, making it harder for attackers to sustain exploits that cause uncontrolled consumption.