CVE-2022-21722
PUBLISHED
CVSS 9.1 CRITICAL
PJSIP is a free and open source multimedia communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases in which certain incoming RTP/RTCP packets can potentially cause an out-of-bounds read. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds.
EPSS 0.46% · 64.5th percentile
Risk Scores
CVSS v3.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
0.46%
64.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| pjsip | pjproject | * |
| teluu | pjsip | 0 |
| debian | debian_linux | 10.0, 9.0 |
Timeline
- Jan 27, 2022 CVE Published
- Feb 8, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 24, 2022 EPSS Score
- Sep 7, 2022 EPSS Score
- Oct 29, 2022 EPSS Score
- Dec 20, 2022 EPSS Score
- Feb 11, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 4, 2023 EPSS Score
- Jul 18, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36 url
- https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a url
- [debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update mailing-list
- GLSA-202210-37 vendor-advisory
- [debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update mailing-list
- DSA-5285 vendor-advisory
- [debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update mailing-list
- https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html url