CVE-2022-24786
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the master branch of the pjsip/pjproject GitHub repository. There are currently no known workarounds.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| pjsip | pjproject | <= 2.12 | affected |
Weaknesses
- CWE-125: CWE-125: Out-of-bounds Read
- CWE-787: CWE-787: Out-of-bounds Write
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q
- https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508
- https://security.gentoo.org/glsa/202210-37
- https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
- https://www.debian.org/security/2022/dsa-5285
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q
- https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508
- https://security.gentoo.org/glsa/202210-37
- https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
- https://www.debian.org/security/2022/dsa-5285
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.