Vulnerabilities > CVE-2022-23537

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

teluu

debian

critical

NVD

Published: 2022-12-20

Updated: 2024-11-21

Summary

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).

Vulnerable Configurations

Part	Description	Count
Application	Teluu Teluu Pjsip 0.5.0.1 Teluu Pjsip 0.5.2 Teluu Pjsip 0.5.3 Teluu Pjsip 0.5.4 Teluu Pjsip 0.5.5.1 Teluu Pjsip 0.5.6 Teluu Pjsip 0.5.6.1 Teluu Pjsip 0.5.7 Teluu Pjsip 0.5.8 Teluu Pjsip 0.5.9 Teluu Pjsip 0.5.10 Teluu Pjsip 0.5.10.1 Teluu Pjsip 0.5.10.2 Teluu Pjsip 0.5.10.3 Teluu Pjsip 0.5.10.4 Teluu Pjsip 0.7.0 Teluu Pjsip 0.8.0 Teluu Pjsip 0.9.0 Teluu Pjsip 1.0 Teluu Pjsip 1.0.1 Teluu Pjsip 1.0.2 Teluu Pjsip 1.0.3 Teluu Pjsip 1.1 Teluu Pjsip 1.2 Teluu Pjsip 1.3 Teluu Pjsip 1.4 Teluu Pjsip 1.4.5 Teluu Pjsip 1.5 Teluu Pjsip 1.5.5 Teluu Pjsip 1.6 Teluu Pjsip 1.7 Teluu Pjsip 1.8 Teluu Pjsip 1.8.5 Teluu Pjsip 1.8.10 Teluu Pjsip 1.10 Teluu Pjsip 1.12 Teluu Pjsip 1.14 Teluu Pjsip 1.14.2 Teluu Pjsip 1.16 Teluu Pjsip 2.0 Teluu Pjsip 2.0.1 Teluu Pjsip 2.1 Teluu Pjsip 2.2 Teluu Pjsip 2.2.1 Teluu Pjsip 2.3 Teluu Pjsip 2.4 Teluu Pjsip 2.4.5 Teluu Pjsip 2.5 Teluu Pjsip 2.5.1 Teluu Pjsip 2.5.5 Teluu Pjsip 2.6 Teluu Pjsip 2.7 Teluu Pjsip 2.7.1 Teluu Pjsip 2.7.2 Teluu Pjsip 2.8 Teluu Pjsip 2.9 Teluu Pjsip 2.10 Teluu Pjsip 2.11 Teluu Pjsip 2.11.1 Teluu Pjsip 2.12 Teluu Pjsip 2.12.1	70
OS	Debian Debian Debian Linux 10.0	1

Vulnerabilities > CVE-2022-23537 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2022-23537"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2022-23537