Remote code execution in pjproject
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2022-24754 CVE-2022-24792 CVE-2022-24786 CVE-2022-24764 CVE-2022-24793 CVE-2022-24763 |
| CWE-ID | CWE-119 CWE-835 CWE-787 CWE-121 CWE-122 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
pjsip Universal components / Libraries / Libraries used by multiple products |
| Vendor | pjsip |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
Updated 12.05.2022
Added fixed version.
Added vulnerabilities #2-6
1) Buffer overflow
EUVDB-ID: #VU61377
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24754
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the pjsip_auth_create_digest(). A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionspjsip: 2.0 - 2.12
External linkshttp://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47
http://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Infinite loop
EUVDB-ID: #VU63101
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24792
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when parsing WAV format file. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationInstall updates from vendor's website.
Vulnerable software versionspjsip: 2.0 - 2.12
External linkshttp://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213
http://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds write
EUVDB-ID: #VU63100
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24786
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when parsing RTCP feedback RPSI (Reference Picture Selection Indication) packet. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionspjsip: 2.0 - 2.12
External linkshttp://github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q
http://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Stack-based buffer overflow
EUVDB-ID: #VU63096
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24764
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in "pjmedia_sdp_print()" and "pjmedia_sdp_media_print()". A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionspjsip: 2.0 - 2.12
External linkshttp://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
http://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
http://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Heap-based buffer overflow
EUVDB-ID: #VU63102
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24793
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing DNS packets. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionspjsip: 2.0 - 2.12
External linkshttp://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a
http://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Infinite loop
EUVDB-ID: #VU63094
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24763
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within XML parsing. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationInstall updates from vendor's website.
Vulnerable software versionspjsip: 2.0 - 2.12
External linkshttp://github.com/pjsip/pjproject/security/advisories/GHSA-5x45-qp78-g4p4
http://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
