← Back to CVEs
CVE-2022-24754
HIGH8.5
Description
PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP.
CVE Details
CVSS v3.1 Score8.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredLOW
User InteractionNONE
Published3/11/2022
Last Modified11/4/2025
Sourcenvd
Honeypot Sightings0
Affected Products
debian:debian_linuxteluu:pjsip
Weaknesses (CWE)
CWE-120CWE-1284
References
https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47(security-advisories@github.com)
https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662(security-advisories@github.com)
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html(security-advisories@github.com)
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html(security-advisories@github.com)
https://security.gentoo.org/glsa/202210-37(security-advisories@github.com)
https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202210-37(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.