CVE-2022-24792Infinite Loop in Pjproject

CWE-835Infinite Loop4 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.6%
top 18.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Debian AsteriskDebian RingPjsip Pjproject+2 more
Timeline
PublishedApr 25
Latest updateFeb 27

Description

PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project`

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

NVDteluu/pjsip2.12
CVEListV5pjsip/pjproject2.12
debiandebian/ring< asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye)
debiandebian/asterisk< asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye)

Also affects: Debian Linux 10.0, 11.0, 9.0

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

1
OSV
CVE-2022-24792: PJSIP is a free and open source multimedia communication library written in C2022-04-25

📋Vendor Advisories

1
Debian
CVE-2022-24792: asterisk - PJSIP is a free and open source multimedia communication library written in C. A...2022

💬Community

1
Bugzilla
CVE-2021-41141 CVE-2021-43845 CVE-2022-24754 CVE-2022-24763 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 asterisk: pjsip: Multiple vulnerabilities [epel-all]2023-02-27
CVE-2022-24792 — Infinite Loop in Pjsip Pjproject | cvebase