Main Vulnerability Database Vulnerabilities #VU61377

Buffer overflow in pjsip - CVE-2022-24754

Published: March 15, 2022 / Updated: May 12, 2022

Vulnerability identifier: #VU61377

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2022-24754

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
pjsip

Software vendor:
pjsip

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the pjsip_auth_create_digest(). A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

External links

https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47
https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662

Buffer overflow in pjsip - CVE-2022-24754

Description

Remediation

External links

Please verify you're human