← Voltar para CVEs
CVE-2022-24754
HIGH8.5
Descricao
PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP.
Detalhes CVE
Pontuacao CVSS v3.18.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeHIGH
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado3/11/2022
Ultima modificacao11/4/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
debian:debian_linuxteluu:pjsip
Fraquezas (CWE)
CWE-120CWE-1284
Referencias
https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47(security-advisories@github.com)
https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662(security-advisories@github.com)
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html(security-advisories@github.com)
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html(security-advisories@github.com)
https://security.gentoo.org/glsa/202210-37(security-advisories@github.com)
https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202210-37(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.