Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2022-23547

Published: 23/12/2022 Updated: 30/08/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Pjsip

Vulnerability Summary

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

pjsip pjsip

Vendor Advisories

Debian CVElist Bug Report Logs: asterisk: CVE-2022-23537 CVE-2022-23547 CVE-2022-39269
Debian Bug report logs - #1032092 asterisk: CVE-2022-23537 CVE-2022-23547 CVE-2022-39269 Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Mon, 27 Feb 2023 19:51:01 UTC Severity: grave Tags: sec ...
Debian Security Advisories: DSA-5358-1 asterisk -- security update
Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange Buffer overflows and other programming errors could be exploited for launching a denial of service attack or the execution of arbitrary code For the stable distribution (bullseye), these problems have been fixed in version 1:16280~dfsg-0+d ...

References

CWE-122https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7frhttps://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26whttps://lists.debian.org/debian-lts-announce/2023/08/msg00038.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092https://nvd.nist.govhttps://www.debian.org/security/2023/dsa-5358
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook