CVE-2022-23537
Summary
| CVE | CVE-2022-23537 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-12-20 19:15:00 UTC |
|---|
| Updated | 2024-01-25 21:02:00 UTC |
|---|
| Description | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1). |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Merge pull request from GHSA-9pfh-r8x4-w26w · pjsip/pjproject@d8440f4 · GitHub |
MISC |
github.com |
|
| [SECURITY] [DLA 3549-1] ring security update |
MISC |
lists.debian.org |
|
| Heap buffer overflow when decoding STUN message · Advisory · pjsip/pjproject · GitHub |
MISC |
github.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181602 Debian Security Update for asterisk (DLA 3335-1)
- 181679 Debian Security Update for asterisk (DSA 5358-1)
- 182981 Debian Security Update for ring (CVE-2022-23537)
- 199817 Ubuntu Security Notification for Ring Vulnerabilities (USN-6422-1)
- 506284 Alpine Linux Security Update for asterisk
- 510668 Alpine Linux Security Update for asterisk
- 510669 Alpine Linux Security Update for asterisk
- 6000045 Debian Security Update for ring (DLA 3549-1)
