9.1

CVE-2022-21723

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds.

Data is provided by the National Vulnerability Database (NVD)
TeluuPjsip Version <= 2.11.1
AsteriskCertified Asterisk Version16.8.0
AsteriskCertified Asterisk Version16.8.0 Updatecert1
AsteriskCertified Asterisk Version16.8.0 Updatecert10
AsteriskCertified Asterisk Version16.8.0 Updatecert11
AsteriskCertified Asterisk Version16.8.0 Updatecert12
AsteriskCertified Asterisk Version16.8.0 Updatecert2
AsteriskCertified Asterisk Version16.8.0 Updatecert3
AsteriskCertified Asterisk Version16.8.0 Updatecert4
AsteriskCertified Asterisk Version16.8.0 Updatecert5
AsteriskCertified Asterisk Version16.8.0 Updatecert6
AsteriskCertified Asterisk Version16.8.0 Updatecert7
AsteriskCertified Asterisk Version16.8.0 Updatecert8
AsteriskCertified Asterisk Version16.8.0 Updatecert9
SangomaAsterisk Version >= 16.0.0 < 16.24.1
SangomaAsterisk Version >= 18.0.0 < 18.10.1
SangomaAsterisk Version >= 19.0.0 < 19.2.1
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.27% 0.503
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:N/A:P
security-advisories@github.com 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://seclists.org/fulldisclosure/2022/Mar/2
Patch
Third Party Advisory
Mailing List