PT-2022-2683 · Pjsip+3 · Pjsip+3

Cossack9989

Published

2022-03-29

Updated

2026-05-06

CVE-2022-24763

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.12

Description The issue is related to a denial-of-service condition that can be triggered by an infinite loop during XML parsing. This can allow a remote attacker to cause a denial-of-service. The vulnerability affects PJSIP users that consume PJSIP's XML parsing in their apps.

Recommendations For versions prior to 2.12, update to a newer version to resolve the issue. As a temporary workaround, consider restricting the use of PJSIP's XML parsing functionality until a patch is available. There are no known workarounds for this vulnerability.

Exploit

Fix

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

BDU:2022-03173

CVE-2022-24763

DLA-3036-1

DLA-3194-1

DLA-3549-1

DLA-3887-1

DSA-5285-1

GHSA-5X45-QP78-G4P4

USN-6422-1

Affected Products

Linuxmint

Pjsip

Red Os

Ubuntu

PT-2022-2683 · Pjsip+3 · Pjsip+3

CVE-2022-24763

Weakness Enumeration

Related Identifiers

Affected Products

References · 54