CVE-2022-21722 — Out-of-bounds Read in Pjproject
Severity
9.1CRITICALNVD
OSV9.8OSV5.5
EPSS
0.5%
top 35.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 27
Latest updateDec 15
Description
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2
Affected Packages4 packages
Also affects: Debian Linux 10.0, 9.0
Patches
🔴Vulnerability Details
4📋Vendor Advisories
3💬Community
1Bugzilla▶
CVE-2021-438450 CVE-2021-438451 CVE-2022-217221 CVE-2022-247541 CVE-2022-247542 CVE-2022-247631 CVE-2022-247633 CVE-2022-247641 CVE-2022-247644 CVE-2022-247931 CVE-2022-247935 asterisk: pjsip: Multipl↗2023-02-27