Multiple vulnerabilities in pjsip
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
Updated 24.11.2022
Added fixed version for vulnerabilities #1,2
Added vulnerability #3
1) Buffer overflow
EUVDB-ID: #VU69270
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-39244
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser. A remote attacker can send specially crafted data to the application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionspjsip: 0.5.0.1 - 2.12.1
CPE2.3- cpe:2.3:a:pjsip:pjsip:0.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pjsip:pjsip:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:pjsip:pjsip:0.5.3:*:*:*:*:*:*:*
https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae
https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cleartext transmission of sensitive information
EUVDB-ID: #VU69269
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-39269
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
MitigationInstall update from vendor's website.
Vulnerable software versionspjsip: 2.11 - 2.12.1
CPE2.3- cpe:2.3:a:pjsip:pjsip:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:pjsip:pjsip:2.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:pjsip:pjsip:2.12:*:*:*:*:*:*:*
https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc
https://github.com/pjsip/pjproject/security/advisories/GHSA-wx5m-cj97-4wwg
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Stack-based buffer overflow
EUVDB-ID: #VU69571
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-31031
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing message as a STUN client. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionspjsip: 2.12 - 2.12.1
CPE2.3 External linkshttps://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202
https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
https://security.gentoo.org/glsa/202210-37
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
