VDB
CVE-2023-38703
CVE-2023-38703
PUBLISHED
CVSS 9.800000190734863 CRITICAL
PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch.
EPSS 0.28% · 51.6th percentile
Risk Scores
CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.28%
51.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| pjsip | pjproject | * |
| teluu | pjsip | 0 |
Timeline
- Oct 6, 2023 CVE Published
- Oct 7, 2023 EPSS Score
- Nov 8, 2023 EPSS Score
- Dec 9, 2023 EPSS Score
- Feb 10, 2024 EPSS Score
- Mar 13, 2024 EPSS Score
- Apr 13, 2024 EPSS Score
- May 15, 2024 EPSS Score
- Jun 15, 2024 EPSS Score
- Aug 17, 2024 EPSS Score
- Sep 18, 2024 EPSS Score
- Oct 19, 2024 EPSS Score