Lucene search

K
cvelistGitHub_MCVELIST:CVE-2022-23547
HistoryDec 23, 2022 - 2:00 p.m.

CVE-2022-23547 Heap buffer overflow in pjproject when decoding STUN message

2022-12-2314:00:22
CWE-122
GitHub_M
www.cve.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.

CNA Affected

[
  {
    "vendor": "pjsip",
    "product": "pjproject",
    "versions": [
      {
        "version": "<= 2.13",
        "status": "affected"
      }
    ]
  }
]

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%