Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2022-24754
HistoryMar 11, 2022 - 8:15 p.m.

CVE-2022-24754

2022-03-1120:15:08
Debian Security Bug Tracker
security-tracker.debian.org
38
pjsip multimedia library
stack-buffer overflow
hashed digest credentials

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.007

Percentile

80.9%

JSON

PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type PJSIP_CRED_DATA_DIGEST). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to PJSIP_MD5STRLEN before passing to PJSIP.

Related

cvelist 1
osv 6
alpinelinux 1
nvd 1
veracode 1
prion 1
ubuntucve 1
cve 1
redos 1
nessus 6
debian 2
openvas 5
gentoo 1
ubuntu 2
cvelist
cvelist
CVE-2022-24754 Buffer overflow in pjsip
2022-03-11 00:00:00
osv
osv
CVE-2022-24754
2022-03-11 20:15:08
pjproject - security update
2022-03-28 00:00:00
ring - security update
2024-09-14 00:00:00
alpinelinux
alpinelinux
CVE-2022-24754
2022-03-11 20:15:08
nvd
nvd
CVE-2022-24754
2022-03-11 20:15:08
veracode
veracode
Buffer Overflow
2022-05-14 20:06:19
prion
prion
Stack overflow
2022-03-11 20:15:00
ubuntucve
ubuntucve
CVE-2022-24754
2022-03-11 00:00:00
cve
cve
CVE-2022-24754
2022-03-11 20:15:08
redos
redos
ROS-20220518-03
2022-05-18 00:00:00
nessus
nessus
Debian DLA-2962-1 : pjproject - LTS security update
2022-03-30 00:00:00
GLSA-202210-37 : PJSIP: Multiple Vulnerabilities
2022-10-31 00:00:00
Ubuntu 23.10 : Ring vulnerabilities (USN-6422-2)
2023-10-24 00:00:00
debian
debian
[SECURITY] [DLA 2962-1] pjproject security update
2022-03-28 14:23:21
[SECURITY] [DLA 3549-1] ring security update
2023-08-29 21:15:19
openvas
openvas
Debian: Security Advisory (DLA-2962-1)
2022-03-29 00:00:00
Ubuntu: Security Advisory (USN-6422-1)
2023-10-10 00:00:00
Ubuntu: Security Advisory (USN-6422-2)
2023-10-25 00:00:00
gentoo
gentoo
PJSIP: Multiple Vulnerabilities
2022-10-31 00:00:00
ubuntu
ubuntu
Ring vulnerabilities
2023-10-24 00:00:00
Ring vulnerabilities
2023-10-09 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.007

Percentile

80.9%

JSON
Related for DEBIANCVE:CVE-2022-24754
cvelist1osv6alpinelinux1nvd1veracode1prion1ubuntucve1cve1redos1nessus6debian2openvas5gentoo1ubuntu2