VDB
CVE-2022-24786
CVE-2022-24786
PUBLISHED
CVSS 9.800000190734863 CRITICAL
PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.
EPSS 0.74% · 73.2th percentile
Risk Scores
CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.74%
73.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| pjsip | pjproject | <= 2.12 |
| debian | debian_linux | 10.0, 9.0 |
| pjsip | pjsip | 0 |
Timeline
- Apr 6, 2022 CVE Published
- Apr 9, 2022 EPSS Score
- May 29, 2022 EPSS Score
- Jul 20, 2022 EPSS Score
- Oct 28, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 6, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 28, 2023 EPSS Score
- Jul 7, 2023 EPSS Score
- Aug 26, 2023 EPSS Score
- Oct 15, 2023 EPSS Score
References
- https://github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q url
- https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508 url
- GLSA-202210-37 vendor-advisory
- [debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update mailing-list
- DSA-5285 vendor-advisory