PT-2022-2681 · Pjsip+4

Arasht94 +2 · Published 2022-03-22 · Updated 2024-11-25 · CVE-2022-24764

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions

PJSIP versions 2.12 and prior

Description

A stack buffer overflow in the PJSIP multimedia communication library affects users of PJSUA2 and applications that call the API functions pjmedia_sdp_print() or pjmedia_sdp_media_print(). A remote attacker can exploit this vulnerability to execute arbitrary code or cause a denial of service. Applications that do not use PJSUA2 and do not directly call pjmedia_sdp_print() or pjmedia_sdp_media_print() are not affected.

Recommendations

For PJSIP versions 2.12 and prior, a patch is available on the master branch of the pjsip/pjproject GitHub repository. As a temporary workaround, consider disabling the pjmedia_sdp_print() and pjmedia_sdp_media_print() functions until a patch is applied. Restrict access to the PJSUA2 API to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Stack Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2024-15954
ALT-PU-2024-16030
BDU:2022-03171
CVE-2022-24764
DLA-2962-1
DLA-3194-1
DLA-3549-1
DLA-3887-1
DSA-5285-1
GHSA-F5QG-PQCG-765M
USN-6422-1

Affected Products

Alt Linux
Linuxmint
Pjsip
Red Os
Ubuntu