CVE-2022-39244
PUBLISHED
CVSS 7.5 HIGH
PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13, the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affected by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched; the fix is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue.
EPSS 0.33% · 55.7th percentile
Risk Scores
- CVSS v3.1: 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
- EPSS Score: 0.33% (55.7th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| pjsip | pjproject | < 2.13 |
| pjsip | pjsip | 0 |
Timeline
- Oct 6, 2022 CVE Published
- Oct 7, 2022 EPSS Score
- Nov 20, 2022 EPSS Score
- Jan 3, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 16, 2023 EPSS Score
- Jun 29, 2023 EPSS Score
- Aug 12, 2023 EPSS Score
- Sep 25, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
- Feb 4, 2024 EPSS Score
References
- https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj url
- https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae url
- GLSA-202210-37 vendor-advisory
- [debian-lts-announce] 20230222 [SECURITY] [DLA 3335-1] asterisk security update mailing-list
- DSA-5358 vendor-advisory
- [debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update mailing-list
- https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html url