How severe is CVE-2021-32686?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2021-32686?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2021-32686

MEDIUM Year: 2021

CVSS v3 Score

5.9

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-362

View all →

Vulnerability Description

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service. These are fixed in version 2.11.1.

CVE-2007-4774

MEDIUM

CVSS:5.9(Medium)

The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process.

CWE-3622007

CVE-2010-0021

MEDIUM

CVSS:5.9(Medium)

Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to c...

CWE-3622010

CVE-2012-3552

MEDIUM

CVSS:5.9(Medium)

Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application...

CWE-3622012

CVE-2014-0245

MEDIUM

CVSS:5.9(Medium)

It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SO...

CWE-3622014

CVE-2015-6569

MEDIUM

CVSS:5.9(Medium)

Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state...

CWE-3622015

CVE-2016-10027

MEDIUM

CVSS:5.9(Medium)

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of clear...

CWE-3622016

CVE-2021-32686

Vulnerability Description

Related Vulnerabilities

CVE-2007-4774

CVE-2010-0021

CVE-2012-3552

CVE-2014-0245

CVE-2015-6569

CVE-2016-10027