Potential media transport downgrade from the secure version (SRTP) to the non-secure one (RTP)

Critical
sauwming published GHSA-wx5m-cj97-4wwg Oct 6, 2022

Package

No package listed

Affected versions

from 2.11 until 2.12.1

Patched versions

2.13 or later

Description

When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely.
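
A passive check for the symptom described above, as an added example that is not part of the advisory or of PJSIP: it flags a media flow whose packets stop carrying an SRTP authentication tag. It assumes G.711 at 20 ms (fixed 160-byte payload) and a suite with a 10-byte tag such as AES_CM_128_HMAC_SHA1_80; `classify`, `find_downgrades` and the sample capture are names and data constructed for illustration.

```python
import struct

# Assumptions of this sketch, not from the advisory: G.711 at 20 ms ptime
# (fixed 160-byte payload) and an SRTP suite with a 10-byte auth tag
# (AES_CM_128_HMAC_SHA1_80).
PAYLOAD_LEN = 160
AUTH_TAG_LEN = 10

def header_len(pkt: bytes):
    """Length of the RTP header incl. CSRCs and extension, or None if not RTP v2."""
    if len(pkt) < 12 or pkt[0] >> 6 != 2:
        return None
    n = 12 + 4 * (pkt[0] & 0x0F)              # CSRC list
    if pkt[0] & 0x10:                         # header extension present
        if len(pkt) < n + 4:
            return None
        n += 4 + 4 * struct.unpack_from("!H", pkt, n + 2)[0]
    return n if n <= len(pkt) else None

def classify(pkt: bytes) -> str:
    """'srtp' if the body carries payload + tag, 'rtp' if payload only."""
    n = header_len(pkt)
    if n is None:
        return "other"
    body = len(pkt) - n
    if body == PAYLOAD_LEN + AUTH_TAG_LEN:
        return "srtp"
    return "rtp" if body == PAYLOAD_LEN else "other"

def find_downgrades(capture):
    """capture: iterable of (flow_id, udp_payload). Returns [(flow_id, seq)] for
    the first bare-RTP packet on each flow that previously carried SRTP."""
    seen_srtp, alerts = set(), {}
    for flow, pkt in capture:
        kind = classify(pkt)
        if kind == "srtp":
            seen_srtp.add(flow)
        elif kind == "rtp" and flow in seen_srtp and flow not in alerts:
            alerts[flow] = struct.unpack_from("!H", pkt, 2)[0]
    return list(alerts.items())

def make_packet(seq: int, body_len: int) -> bytes:
    """Constructed test packet: RTP v2, PT 0 (PCMU), zero-filled body."""
    return struct.pack("!BBHII", 0x80, 0, seq, seq * 160, 0x1234) + bytes(body_len)

# Constructed capture: flow "A" drops the auth tag at seq 3; flow "B" was never SRTP.
SAMPLE = [("A", make_packet(1, 170)), ("A", make_packet(2, 170)),
          ("A", make_packet(3, 160)), ("A", make_packet(4, 160)),
          ("B", make_packet(1, 160)), ("B", make_packet(2, 160))]

if __name__ == "__main__":
    print(find_downgrades(SAMPLE))
```

The length test only applies to fixed-size codecs; treat a hit as a lead to confirm against the SDP negotiated for that call.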

Impact

The vulnerability impacts all PJSIP users that use SRTP.

Patches

The patch is available as commit d2acb9a in the master branch.

For more information

If you have any questions or comments about this advisory:
Email us at security@pjsip.org

Severity

Critical

CVE ID

CVE-2022-39269

Weaknesses

No CWEs
