PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP.
References
Link | Resource |
---|---|
https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47 | Patch Third Party Advisory |
https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html | |
https://security.gentoo.org/glsa/202210-37 | Third Party Advisory |
Configurations
History
30 Aug 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-120 | |
References |
|
03 Jul 2023, 20:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1284 |
16 Nov 2022, 19:26
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202210-37 - Third Party Advisory |
31 Oct 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Jun 2022, 02:46
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
First Time |
Debian debian Linux
Debian |
28 Mar 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-120 |
23 Mar 2022, 12:56
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
First Time |
Teluu pjsip
Teluu |
|
References | (CONFIRM) https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47 - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:* |
11 Mar 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-11 20:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-24754
Mitre link : CVE-2022-24754
CVE.ORG link : CVE-2022-24754
JSON object : View
Products Affected
teluu
- pjsip
debian
- debian_linux