Skip to main content

Pjsip CVE-2022-24754

CRITICAL
Classic Buffer Overflow (CWE-120)
2022-03-11 security-advisories@github.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 11, 2022 - 20:15 nvd
CRITICAL 9.8

DescriptionNVD

PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type PJSIP_CRED_DATA_DIGEST). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to PJSIP_MD5STRLEN before passing to PJSIP.

AnalysisAI

PJSIP is a free and open source multimedia communication library written in C language. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type PJSIP_CRED_DATA_DIGEST). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to PJSIP_MD5STRLEN before passing to PJSIP. Affected products include: Teluu Pjsip, Debian Debian Linux.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

More in Pjsip

View all
CVE-2021-43845 CRITICAL POC
9.1 Dec 27

PJSIP is a free and open source multimedia communication library. Rated critical severity (CVSS 9.1), this vulnerability

CVE-2021-21375 MEDIUM POC
6.5 Mar 10

PJSIP is a free and open source multimedia communication library written in C language implementing standard based proto

CVE-2017-16872 CRITICAL
9.8 Nov 17

An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Rated critical severity (CVSS 9

CVE-2026-25994 CRITICAL POC
9.8 Feb 11

Buffer overflow in PJSIP multimedia library version 2.16 and earlier in PJNATH ICE implementation. Patch available. Affe

CVE-2026-32945 CRITICAL
9.8 Mar 20

Heap overflow in PJSIP 2.16 and earlier DNS parser allows unauthenticated remote attackers to achieve code execution wit

CVE-2023-38703 CRITICAL
9.8 Oct 06

PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, a

CVE-2022-23547 CRITICAL
9.8 Dec 23

PJSIP is a free and open source multimedia communication library written in C language implementing standard based proto

CVE-2022-23537 CRITICAL
9.8 Dec 20

PJSIP is a free and open source multimedia communication library written in C language implementing standard based proto

CVE-2022-39244 CRITICAL
9.8 Oct 06

PJSIP is a free and open source multimedia communication library written in C. Rated critical severity (CVSS 9.8), this

CVE-2022-31031 CRITICAL
9.8 Jun 09

PJSIP is a free and open source multimedia communication library written in C language implementing standard based proto

CVE-2022-24786 CRITICAL
9.8 Apr 06

PJSIP is a free and open source multimedia communication library written in C. Rated critical severity (CVSS 9.8), this

CVE-2022-23608 CRITICAL
9.8 Feb 22

PJSIP is a free and open source multimedia communication library written in C language implementing standard based proto

Share

CVE-2022-24754 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy