PT-2022-2174 · Pjsip+3

Sauwming · Published 2022-01-26 · Updated 2025-11-04 · CVE-2022-21722

CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions: PJSIP versions 2.11.1 and prior

Description: A buffer overflow in the handling of RTP/RTCP packets can be exploited by a remote attacker to cause a denial of service. PJSIP is a free and open source multimedia communication library that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. The problem affects all users that use PJMEDIA and accept incoming RTP/RTCP packets.

Recommendations: For PJSIP versions 2.11.1 and prior, update to a version that includes the patch, which is available as a commit in the master branch. As a temporary workaround, consider restricting the acceptance of incoming RTP/RTCP packets until the patch is applied.

Weakness Enumeration: Out of bounds Read

Related Identifiers

ALT-PU-2024-15954
ALT-PU-2024-16030
BDU:2022-02185
CVE-2022-21722
DLA-2962-1
DLA-3194-1
DLA-3549-1
DLA-3887-1
DSA-5285-1
GHSA-M66Q-Q64C-HV36
USN-6422-1

Affected Products

Alt Linux
Linuxmint
Pjsip
Ubuntu