CVE-2022-24764Classic Buffer Overflow in Pjproject

CWE-120Classic Buffer OverflowCWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write8 documents5 sources
Severity
7.5HIGHNVD
OSV9.8
EPSS
0.9%
top 23.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Debian AsteriskDebian RingPjsip Pjproject+2 more
Timeline
PublishedMar 22
Latest updateOct 24

Description

PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

NVDteluu/pjsip2.12
CVEListV5pjsip/pjproject2.12
debiandebian/ring< asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye)
debiandebian/asterisk< asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye)

Also affects: Debian Linux 10.0, 9.0

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
ring vulnerabilities2023-10-24
OSV
ring vulnerabilities2023-10-09
OSV
CVE-2022-24764: PJSIP is a free and open source multimedia communication library written in C2022-03-22

📋Vendor Advisories

3
Ubuntu
Ring vulnerabilities2023-10-24
Ubuntu
Ring vulnerabilities2023-10-09
Debian
CVE-2022-24764: asterisk - PJSIP is a free and open source multimedia communication library written in C. V...2022

💬Community

1
Bugzilla
CVE-2021-438450 CVE-2021-438451 CVE-2022-217221 CVE-2022-247541 CVE-2022-247542 CVE-2022-247631 CVE-2022-247633 CVE-2022-247641 CVE-2022-247644 CVE-2022-247931 CVE-2022-247935 asterisk: pjsip: Multipl2023-02-27
CVE-2022-24764 — Classic Buffer Overflow in Pjproject | cvebase