CVE-2022-21722
published 2022-01-27CVE-2022-21722: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN…
PriorityP355critical9.1CVSS 3.1
AVNACLPRNUINSUCHINAH
EPSS
2.40%
82.0th percentile
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye) | asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | ring | < asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye) | asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye) |
| pjsip | pjproject | <= 2.11.1 | — |
| teluu | pjsip | <= 2.11.1 | — |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:P
osv9.8CRITICAL
vendor_debian9.1CRITICAL
vendor_ubuntu7.3HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux-fips vulnerabilities
osv·2025-12-15·CVSS 5.5
linux-fips vulnerabilities
linux-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- ACPI drivers;
- Hardware monitoring drivers;
- InfiniBand drivers;
- MTD block device drivers;
- Network drivers;
- DesignWare USB3 driver;
- Ceph distributed file system;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- File systems infrastructure;
- Tracing infrastructure;
- Appletalk network protocol;
- IPv6 networking;
- Netfilter;
(CVE-2021-47146, CVE-2021-47269, CVE-2021-47385, CVE-2021-47634,
CVE-2022-49026, CVE-2024-49935, CVE-2024-50067, CVE-2024-50095,
CVE-2024-50179, CVE-2024-53112, CVE-2024-53217, CVE-2025-21715,
CVE-2025-21722, CVE-
OSV
ring vulnerabilities
osv·2023-10-24·CVSS 9.8
CVE-2021-37706 [CRITICAL] ring vulnerabilities
ring vulnerabilities
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-37706)
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
(CVE-2023-27585)
Original advisory details:
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-37706)
I
OSV
ring vulnerabilities
osv·2023-10-09·CVSS 9.8
CVE-2021-37706 [CRITICAL] ring vulnerabilities
ring vulnerabilities
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-37706)
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302,
CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723,
CVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754,
CVE-2022-24763, CVE-2022-24764, CVE-2022
OSV
CVE-2022-21722: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, ST
osv·2022-01-27·CVSS 9.1
CVE-2022-21722 [CRITICAL] CVE-2022-21722: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, ST
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds.
Ubuntu
Ring vulnerabilities
vendor_ubuntu·2023-10-24·CVSS 7.3
CVE-2023-27585 [HIGH] Ring vulnerabilities
Title: Ring vulnerabilities
Summary: Several security issues were fixed in Ring.
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-37706)
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
(CVE-2023-27585)
Original advisory details:
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly
Ubuntu
Ring vulnerabilities
vendor_ubuntu·2023-10-09·CVSS 7.3
CVE-2021-37706 [HIGH] Ring vulnerabilities
Title: Ring vulnerabilities
Summary: Several security issues were fixed in Ring.
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-37706)
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302,
CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723,
CVE-2022-23537, CVE-2022-23547, CVE-2022-23
Debian
CVE-2022-21722: asterisk - PJSIP is a free and open source multimedia communication library written in C la...
vendor_debian·2022·CVSS 9.1
CVE-2022-21722 [CRITICAL] CVE-2022-21722: asterisk - PJSIP is a free and open source multimedia communication library written in C la...
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds.
Scope: local
bullseye: resolved (fixed in 1:16.28.0~dfsg-0+deb11u1)
sid: resolved (fixed in 1:18.12.0~dfsg+~cs6.12.40431413-1)
No detection rules found.
No public exploits indexed.
https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397ahttps://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36https://lists.debian.org/debian-lts-announce/2022/03/msg00035.htmlhttps://lists.debian.org/debian-lts-announce/2022/11/msg00021.htmlhttps://lists.debian.org/debian-lts-announce/2023/08/msg00038.htmlhttps://security.gentoo.org/glsa/202210-37https://www.debian.org/security/2022/dsa-5285https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397ahttps://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36https://lists.debian.org/debian-lts-announce/2022/03/msg00035.htmlhttps://lists.debian.org/debian-lts-announce/2022/11/msg00021.htmlhttps://lists.debian.org/debian-lts-announce/2023/08/msg00038.htmlhttps://lists.debian.org/debian-lts-announce/2024/09/msg00030.htmlhttps://security.gentoo.org/glsa/202210-37https://www.debian.org/security/2022/dsa-5285
2022-01-27
Published