PT-2022-2183 · Pjsip+3

High · sauwming · Published 2020-07-06 · Updated 2025-11-04 · CVE-2022-21723

CVSS v2.0: 9.4 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions

PJSIP versions 2.11.1 and prior

Description

The issue is related to a potential out-of-bound read access when parsing an incoming SIP message that contains a malformed multipart. This affects all PJSIP users that accept SIP multipart. The problem can be exploited by a remote attacker to cause a denial of service.

Recommendations

For PJSIP versions 2.11.1 and prior, update to a version that includes the patch available in the master branch, as there are no known workarounds for this issue. As a temporary workaround, consider restricting the acceptance of SIP multipart messages until the patch is applied.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2313
ALT-PU-2024-15954
ALT-PU-2024-16030
BDU:2022-02209
CVE-2022-21723
DLA-2962-1
DLA-3194-1
DLA-3549-1
DLA-3887-1
DSA-5285-1
GHSA-7FW8-54CV-R7PM
USN-6422-1

Affected Products

Alt Linux
Linuxmint
Pjsip
Ubuntu