PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP.
References
Link | Resource |
---|---|
https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47 | Patch Third Party Advisory |
https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html | |
https://security.gentoo.org/glsa/202210-37 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-03-11T00:00:00
Updated: 2023-08-30T00:06:16.414373
Reserved: 2022-02-10T00:00:00
Link: CVE-2022-24754
JSON object: View
NVD Information
Status : Modified
Published: 2022-03-11T20:15:08.873
Modified: 2023-08-30T01:15:35.427
Link: CVE-2022-24754
JSON object: View
Redhat Information
No data.