PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.
References
Link | Resource |
---|---|
https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508 | Patch Third Party Advisory |
https://github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202210-37 | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory |
Configurations
History
02 Feb 2023, 18:30
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian
Debian debian Linux |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5285 - Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
18 Nov 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Nov 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Nov 2022, 19:49
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202210-37 - Third Party Advisory |
31 Oct 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Apr 2022, 18:35
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q - Third Party Advisory | |
References | (MISC) https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508 - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
First Time |
Pjsip pjsip
Pjsip |
06 Apr 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-06 14:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-24786
Mitre link : CVE-2022-24786
CVE.ORG link : CVE-2022-24786
JSON object : View
Products Affected
pjsip
- pjsip
debian
- debian_linux