Home

CVE-2022-24764

Description

PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API pjmedia_sdp_print(), pjmedia_sdp_media_print(). Applications that do not use PJSUA2 and do not directly call pjmedia_sdp_print() or pjmedia_sdp_media_print() should not be affected. A patch is available on the master branch of the pjsip/pjproject GitHub repository. There are currently no known workarounds.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.942

Associated Vulnerability

VulnerabilityOS Platform
asterisk security update(DSA-5285-1) asterisk_16.28.0~dfsg-0+deb11u1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) jami_20230206.0~ds1-5ubuntu0.1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) jami_20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring_20180228.1.503da2b~ds1-1build1_i386.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring_20180228.1.503da2b~ds1-1build1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring_20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1_all.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) jami-daemon_20230206.0~ds1-5ubuntu0.1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) jami-daemon_20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring-daemon_20180228.1.503da2b~ds1-1build1_i386.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring-daemon_20180228.1.503da2b~ds1-1build1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring-daemon_20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1_all.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234