CVE-2022-39244

2022-10-0600:00:00

ubuntu.com

pjsip

buffer overflow

vulnerability

patch

upgrade

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

71.3%

JSON

PJSIP is a free and open source multimedia communication library written in
C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP
decoder, and PJMEDIA SDP parser are affeced by a buffer overflow
vulnerability. Users connecting to untrusted clients are at risk. This
issue has been patched and is available as commit c4d3498 in the master
branch and will be included in releases 2.13 and later. Users are advised
to upgrade. There are no known workarounds for this issue.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchasterisk< anyUNKNOWN
ubuntu20.04noarchasterisk< anyUNKNOWN
ubuntu22.04noarchasterisk< anyUNKNOWN
ubuntu24.04noarchasterisk< anyUNKNOWN
ubuntu16.04noarchasterisk< anyUNKNOWN
ubuntu18.04noarchpjproject< anyUNKNOWN
ubuntu16.04noarchpjproject< anyUNKNOWN
ubuntu18.04noarchring< 20180228.1.503da2b~ds1-1ubuntu0.1~esm1UNKNOWN
ubuntu20.04noarchring< 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	asterisk	< any	UNKNOWN
ubuntu	20.04	noarch	asterisk	< any	UNKNOWN
ubuntu	22.04	noarch	asterisk	< any	UNKNOWN
ubuntu	24.04	noarch	asterisk	< any	UNKNOWN
ubuntu	16.04	noarch	asterisk	< any	UNKNOWN
ubuntu	18.04	noarch	pjproject	< any	UNKNOWN
ubuntu	16.04	noarch	pjproject	< any	UNKNOWN
ubuntu	18.04	noarch	ring	< 20180228.1.503da2b~ds1-1ubuntu0.1~esm1	UNKNOWN
ubuntu	20.04	noarch	ring	< 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1	UNKNOWN