CVE-2023-38703 — Use After Free in Pjproject

CWE-416 — Use After Free4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.3%

top 48.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pjsip Pjproject Teluu Pjsip

Timeline

PublishedOct 6

Description

PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media t…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDteluu/pjsip2.13.1

▶CVEListV5pjsip/pjproject2.13.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

PJSIP has use-after-free vulnerability in SRTP media transport↗2023-10-06

▶

OSV

CVE-2023-38703: PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages↗2023-10-06

▶

📋Vendor Advisories

Debian

CVE-2023-38703: asterisk - PJSIP is a free and open source multimedia communication library written in C wi...↗2023

▶