Potential out-of-bound read during RTP/RTCP parsing in PJSIP
CVE-2022-21722

9.1CRITICAL

Key Information:

Vendor: Pjsip
Status: Pjproject
Vendor: CVE Published:; 27 January 2022

What is CVE-2022-21722?

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the master branch. There are no known workarounds.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

pjproject <= 2.11.1

References

https://github.com/pjsip/pjproject/security/advisories/GH...

https://github.com/pjsip/pjproject/commit/22af44e68a0c7d1...

https://lists.debian.org/debian-lts-announce/2022/03/msg0...

mailing-list

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2022
Vulnerability Reserved
Nov 16, 2021

JSON

Pjsip

What is CVE-2022-21722?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.