Lucene search

[email protected]CVE-2022-21722

HistoryJan 27, 2022 - 12:15 a.m.

CVE-2022-21722

2022-01-2700:15:07

CWE-125

[email protected]

web.nvd.nist.gov

pjsip

cve-2022-21722

multimedia communication library

sip

sdp

rtp

stun

turn

ice

security vulnerability

patch available

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.3%

JSON

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the master branch. There are no known workarounds.

Affected configurations

Vulners

NVD

Node

pjsippjsipRange≤2.11.1

VendorProductVersionCPE
pjsippjsip*cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pjsip	pjsip	*	cpe:2.3:a:pjsip:pjsip::::::::

CNA Affected

[
  {
    "vendor": "pjsip",
    "product": "pjproject",
    "versions": [
      {
        "version": "<= 2.11.1",
        "status": "affected"
      }
    ]
  }
]