CVE-2022-31031

Name of the Vulnerable Software and Affected Versions PJSIP versions prior to and including 2.12.1

Description PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. A stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using pjlib-util/stun simple API.

Recommendations For versions prior to and including 2.12.1, apply the patch available in commit 450baca to resolve the issue. As a temporary workaround, consider disabling the use of STUN in applications until the patch is applied. Restrict access to the pjlib-util/stun simple API to minimize the risk of exploitation. Avoid setting a STUN server in account/media config in PJSUA/PJSUA2 level until the issue is resolved.