Home

CVE-2022-21722

Description

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the master branch. There are no known workarounds.

Risk Information

Base Score
9.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
0.463

Associated Vulnerability

VulnerabilityOS Platform
asterisk security update(DSA-5285-1) asterisk_16.28.0~dfsg-0+deb11u1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) jami_20230206.0~ds1-5ubuntu0.1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) jami_20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring_20180228.1.503da2b~ds1-1build1_i386.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring_20180228.1.503da2b~ds1-1build1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring_20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1_all.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) jami-daemon_20230206.0~ds1-5ubuntu0.1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) jami-daemon_20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring-daemon_20180228.1.503da2b~ds1-1build1_i386.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring-daemon_20180228.1.503da2b~ds1-1build1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring-daemon_20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1_all.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234