CVE-2022-24764
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API pjmedia_sdp_print(), pjmedia_sdp_media_print(). Applications that do not use PJSUA2 and do not directly call pjmedia_sdp_print() or pjmedia_sdp_media_print() should not be affected. A patch is available on the master branch of the pjsip/pjproject GitHub repository. There are currently no known workarounds.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| pjsip | pjproject | <= 2.12 | affected |
Weaknesses
- CWE-120: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-121: CWE-121: Stack-based Buffer Overflow
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
- https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
- https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
- https://security.gentoo.org/glsa/202210-37
- https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
- https://www.debian.org/security/2022/dsa-5285
- https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
- https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
- https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
- https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
- https://security.gentoo.org/glsa/202210-37
- https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
- https://www.debian.org/security/2022/dsa-5285
- https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.