Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-21722

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds.

Published

2022-01-27T00:15:07.653

Last Modified

2024-11-21T06:45:18.417

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-125
Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	teluu	pjsip	≤ 2.11.1	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	debian	debian_linux	10.0	Yes

References

https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a Patch, Third Party Advisory ([email protected])
https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36 Patch, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html ([email protected])
https://security.gentoo.org/glsa/202210-37 Third Party Advisory ([email protected])
https://www.debian.org/security/2022/dsa-5285 Third Party Advisory ([email protected])
https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202210-37 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5285 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)