Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-3036-1:E47F1
HistoryMay 31, 2022 - 9:08 a.m.

[SECURITY] [DLA 3036-1] pjproject security update

2022-05-3109:08:35
lists.debian.org
36
debian lts
pjproject
security update
denial-of-service
buffer overflow
multimedia communication

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.5

Confidence

High

EPSS

0.004

Percentile

74.5%

JSON

Debian LTS Advisory DLA-3036-1 [email protected]
https://www.debian.org/lts/security/ Abhijith PA
May 31, 2022 https://wiki.debian.org/LTS

Package : pjproject
Version : 2.5.5~dfsg-6+deb9u5
CVE ID : CVE-2022-24763 CVE-2022-24792 CVE-2022-24793

Multiple security issues were discovered in pjproject, is a free and
open source multimedia communication library

CVE-2022-24763

a denial-of-service vulnerability that affects PJSIP users that 
consume PJSIP's XML parsing in their apps.

CVE-2022-24792

A denial-of-service vulnerability affects applications on a 32-bit 
systems to play/read invalid WAV files. The vulnerability occurs 
when reading WAV file data chunks with length greater than 31-bit 
integers. The vulnerability does not affect 64-bit apps and should 
not affect apps that only plays trusted WAV files

CVE-2022-24793

A buffer overflow vulnerability affects applications that uses 
PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an 
external resolver.

For Debian 9 stretch, these problems have been fixed in version
2.5.5~dfsg-6+deb9u5.

We recommend that you upgrade your pjproject packages.

For the detailed security status of pjproject please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pjproject

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian11ppc64elasterisk-ooh323-dbgsym< 1:16.28.0~dfsg-0+deb11u1asterisk-ooh323-dbgsym_1:16.28.0~dfsg-0+deb11u1_ppc64el.deb
Debian10i386asterisk-mobile< 1:16.28.0~dfsg-0+deb10u1asterisk-mobile_1:16.28.0~dfsg-0+deb10u1_i386.deb
Debian9i386libpjsua2-2v5< 2.5.5~dfsg-6+deb9u5libpjsua2-2v5_2.5.5~dfsg-6+deb9u5_i386.deb
Debian9armhflibpjsua2-2v5< 2.5.5~dfsg-6+deb9u5libpjsua2-2v5_2.5.5~dfsg-6+deb9u5_armhf.deb
Debian11mipselasterisk-ooh323-dbgsym< 1:16.28.0~dfsg-0+deb11u1asterisk-ooh323-dbgsym_1:16.28.0~dfsg-0+deb11u1_mipsel.deb
Debian11amd64asterisk-voicemail-imapstorage< 1:16.28.0~dfsg-0+deb11u1asterisk-voicemail-imapstorage_1:16.28.0~dfsg-0+deb11u1_amd64.deb
Debian11s390xasterisk-mysql-dbgsym< 1:16.28.0~dfsg-0+deb11u1asterisk-mysql-dbgsym_1:16.28.0~dfsg-0+deb11u1_s390x.deb
Debian11armelasterisk-voicemail-imapstorage< 1:16.28.0~dfsg-0+deb11u1asterisk-voicemail-imapstorage_1:16.28.0~dfsg-0+deb11u1_armel.deb
Debian11s390xasterisk-tests-dbgsym< 1:16.28.0~dfsg-0+deb11u1asterisk-tests-dbgsym_1:16.28.0~dfsg-0+deb11u1_s390x.deb
Debian11mips64elasterisk-ooh323-dbgsym< 1:16.28.0~dfsg-0+deb11u1asterisk-ooh323-dbgsym_1:16.28.0~dfsg-0+deb11u1_mips64el.deb
Rows per page:
1-10 of 3611

Related

nessus 9
openvas 8
osv 10
redos 1
debiancve 4
cve 4
cvelist 4
alpinelinux 4
veracode 3
nvd 4
ubuntucve 4
prion 4
debian 5
gentoo 1
ubuntu 2
nessus
nessus
Debian DLA-3036-1 : pjproject - LTS security update
2022-06-02 00:00:00
Debian DSA-5438-1 : asterisk - security update
2023-06-23 00:00:00
Debian DLA-3394-1 : asterisk - LTS security update
2023-04-25 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3036-1)
2022-06-01 00:00:00
Debian: Security Advisory (DLA-3394-1)
2023-04-24 00:00:00
Debian: Security Advisory (DSA-5438-1)
2023-06-26 00:00:00
osv
osv
pjproject - security update
2022-05-31 00:00:00
CVE-2022-24792
2022-04-25 16:16:00
CVE-2022-24763
2022-03-30 21:15:07
redos
redos
ROS-20220518-03
2022-05-18 00:00:00
debiancve
debiancve
CVE-2022-24792
2022-04-25 16:16:09
CVE-2022-24763
2022-03-30 21:15:07
CVE-2023-27585
2023-03-14 17:15:19
cve
cve
CVE-2022-24792
2022-04-25 16:16:09
CVE-2022-24763
2022-03-30 21:15:07
CVE-2023-27585
2023-03-14 17:15:19
cvelist
cvelist
CVE-2022-24792 Potential infinite loop when parsing WAV format file in PJSIP
2022-04-25 00:00:00
CVE-2022-24763 Infinite Loop in PJSIP
2022-03-30 00:00:00
CVE-2023-27585
2023-03-14 00:00:00
alpinelinux
alpinelinux
CVE-2022-24792
2022-04-25 16:16:09
CVE-2022-24763
2022-03-30 21:15:07
CVE-2022-24793
2022-04-06 14:15:08
veracode
veracode
Buffer Overflow
2022-05-14 19:56:16
Denial Of Service (DoS)
2022-05-14 19:56:17
Denial Of Service (DoS)
2022-05-14 20:20:43
nvd
nvd
CVE-2022-24792
2022-04-25 16:16:09
CVE-2022-24763
2022-03-30 21:15:07
CVE-2023-27585
2023-03-14 17:15:19
ubuntucve
ubuntucve
CVE-2022-24792
2022-04-25 00:00:00
CVE-2022-24763
2022-03-30 00:00:00
CVE-2023-27585
2023-03-14 00:00:00
prion
prion
Design/Logic Flaw
2022-04-25 16:16:00
Design/Logic Flaw
2022-03-30 21:15:00
Buffer overflow
2023-03-14 17:15:00
debian
debian
[SECURITY] [DSA 5438-1] asterisk security update
2023-06-22 21:52:51
[SECURITY] [DLA 3394-1] asterisk security update
2023-04-18 22:22:46
[SECURITY] [DSA 5285-1] asterisk security update
2022-11-17 21:42:58
gentoo
gentoo
PJSIP: Multiple Vulnerabilities
2022-10-31 00:00:00
ubuntu
ubuntu
Ring vulnerabilities
2023-10-09 00:00:00
Ring vulnerabilities
2023-10-24 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.5

Confidence

High

EPSS

0.004

Percentile

74.5%

JSON
Related for DEBIAN:DLA-3036-1:E47F1
nessus9openvas8osv10redos1debiancve4cve4cvelist4alpinelinux4veracode3nvd4ubuntucve4prion4debian5gentoo1ubuntu2