CVE-2022-39244Classic Buffer Overflow in Pjproject

CWE-120Classic Buffer Overflow7 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.3%
top 44.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Pjsip PjprojectPjsipDebian Asterisk+1 more
Timeline
PublishedOct 6
Latest updateOct 24

Description

PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

NVDpjsip/pjsip< 2.13
CVEListV5pjsip/pjproject< 2.13
debiandebian/asterisk< asterisk 1:16.28.0~dfsg-0+deb11u2 (bullseye)
debiandebian/ring< asterisk 1:16.28.0~dfsg-0+deb11u2 (bullseye)

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
ring vulnerabilities2023-10-24
OSV
ring vulnerabilities2023-10-09
OSV
CVE-2022-39244: PJSIP is a free and open source multimedia communication library written in C2022-10-06

📋Vendor Advisories

3
Ubuntu
Ring vulnerabilities2023-10-24
Ubuntu
Ring vulnerabilities2023-10-09
Debian
CVE-2022-39244: asterisk - PJSIP is a free and open source multimedia communication library written in C. I...2022
CVE-2022-39244 — Classic Buffer Overflow in Pjproject | cvebase