Published: 20/12/2022 Updated: 25/01/2024

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).

Vulnerable Product	Search on Vulmon	Subscribe to Product
teluu pjsip
debian debian linux 10.0

Debian Bug report logs - #1032092 asterisk: CVE-2022-23537 CVE-2022-23547 CVE-2022-39269 Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Mon, 27 Feb 2023 19:51:01 UTC Severity: grave Tags: sec ...

Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange Buffer overflows and other programming errors could be exploited for launching a denial of service attack or the execution of arbitrary code For the stable distribution (bullseye), these problems have been fixed in version 1:16280~dfsg-0+d ...

CWE-122 https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1 https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092 https://nvd.nist.gov https://www.debian.org/security/2023/dsa-5358

CVE-2022-23537

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect