Lucene search

PRIOn knowledge basePRION:CVE-2022-21722

HistoryJan 27, 2022 - 12:15 a.m.

Design/Logic Flaw

2022-01-2700:15:00

PRIOn knowledge base

www.prio-n.com

9.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.3%

JSON

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the master branch. There are no known workarounds.

CPENameOperatorVersion
debian_linuxeq9.0
debian_linuxeq10.0
pjsiple2.11.1

Name	Operator	Version
debian_linux	eq	9.0
debian_linux	eq	10.0
pjsip	le	2.11.1

References

github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a

github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36

lists.debian.org/debian-lts-announce/2022/03/msg00035.html

lists.debian.org/debian-lts-announce/2022/11/msg00021.html

lists.debian.org/debian-lts-announce/2023/08/msg00038.html

security.gentoo.org/glsa/202210-37

www.debian.org/security/2022/dsa-5285