CVE-2022-39269

Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.13

Description The issue is related to the incorrect switching from SRTP media transport to basic RTP upon SRTP restart when processing certain packets, causing media to be sent insecurely. This impacts all PJSIP users that use SRTP. The vulnerability may allow a remote attacker to gain unauthorized access to protected information.

Recommendations For versions prior to 2.13, users are advised to manually patch using commit d2acb9a from the master branch or upgrade to version 2.13 to resolve the issue. As a temporary workaround, consider disabling SRTP restart until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.