CVE-2021-41141

Name: CVE-2021-41141
Creator: NVD / NIST
Published: 2022-01-04T19:15:14.687+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 1.37%

Last modified Jun 17, 2026

CVE-2021-41141 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently held locks. EPSS estimates a 1.37% chance of exploitation in the next 30 days.

Description

PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently held locks. This could result in a system deadlock, which cause a denial of service for the users. No release has yet been made which contains the linked fix commit. All versions up to an including 2.11.1 are affected. Users may need to manually apply the patch.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

1.37%

68.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Teluu	Pjsip	<= 2.11.1
Debian	Debian Linux	9.0

References

https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196Patch, Third Party Advisory
https://github.com/pjsip/pjproject/security/advisories/GHSA-8fmx-hqw7-6gmcPatch, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.htmlMailing List, Third Party Advisory
https://security.gentoo.org/glsa/202210-37Third Party Advisory
https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196Patch, Third Party Advisory
https://github.com/pjsip/pjproject/security/advisories/GHSA-8fmx-hqw7-6gmcPatch, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.htmlMailing List, Third Party Advisory
https://security.gentoo.org/glsa/202210-37Third Party Advisory

Timeline

Published: Jan 4, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-41141?

How severe is CVE-2021-41141?

CVE-2021-41141 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.37% probability of exploitation in the next 30 days.

How do I fix CVE-2021-41141?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-41141?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST