← Volver a CVEs
CVE-2022-24754
HIGH8.5
Descripcion
PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP.
Detalles CVE
Puntuacion CVSS v3.18.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado3/11/2022
Ultima modificacion11/4/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
debian:debian_linuxteluu:pjsip
Debilidades (CWE)
CWE-120CWE-1284
Referencias
https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47(security-advisories@github.com)
https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662(security-advisories@github.com)
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html(security-advisories@github.com)
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html(security-advisories@github.com)
https://security.gentoo.org/glsa/202210-37(security-advisories@github.com)
https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202210-37(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.