3 matches found
Debian DSA-5358-1 : asterisk - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5358 advisory. Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be...
CVE-2022-39269 Media transport downgrade from the secure version (SRTP) to non-secure (RTP) in pjsip
PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users tha...
CVE-2022-39269
CVE-2022-39269 (PJSIP) affects the PJSIP library. When processing certain packets, PJSIP may switch from SRTP to basic RTP upon SRTP restart, causing media to be sent insecurely. Root cause: SRTP restart handling can drop secure transport, exposing confidentiality and integrity. Impact per source...