CVE-2022-24763 — Infinite Loop in Pjsip

CWE-835 — Infinite Loop9 documents5 sources

Severity

7.5HIGHNVD

OSV9.8

EPSS

1.4%

top 19.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pjsip Debian Asterisk Debian Ring +2 more

Timeline

PublishedMar 30

Latest updateOct 24

Description

PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDpjsip/pjsip2.5 — 2.13

▶CVEListV5pjsip/pjproject2.12

▶debiandebian/ring< asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye)

▶debiandebian/asterisk< asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye)

Also affects: Debian Linux 10.0, 11.0, 9.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

ring vulnerabilities↗2023-10-24

▶

OSV

ring vulnerabilities↗2023-10-09

▶

OSV

CVE-2022-24763: PJSIP is a free and open source multimedia communication library written in the C language↗2022-03-30

▶

📋Vendor Advisories

Ubuntu

Ring vulnerabilities↗2023-10-24

▶

Ubuntu

Ring vulnerabilities↗2023-10-09

▶

Debian

CVE-2022-24763: asterisk - PJSIP is a free and open source multimedia communication library written in the ...↗2022

▶

💬Community

Bugzilla

CVE-2021-438450 CVE-2021-438451 CVE-2022-217221 CVE-2022-247541 CVE-2022-247542 CVE-2022-247631 CVE-2022-247633 CVE-2022-247641 CVE-2022-247644 CVE-2022-247931 CVE-2022-247935 asterisk: pjsip: Multipl↗2023-02-27

▶

Bugzilla

CVE-2021-41141 CVE-2021-43845 CVE-2022-24754 CVE-2022-24763 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 asterisk: pjsip: Multiple vulnerabilities [epel-all]↗2023-02-27

▶