CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24763 – Infinite Loop in PJSIP
https://notcve.org/view.php?id=CVE-2022-24763
30 Mar 2022 — PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds. PJSIP es una biblioteca de comunicación multimedia gratuita y de código abierto escrita en lenguaje C. • https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-24764 – Stack buffer overflow in pjproject
https://notcve.org/view.php?id=CVE-2022-24764
22 Mar 2022 — PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known worka... • https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24754 – Buffer overflow in pjsip
https://notcve.org/view.php?id=CVE-2022-24754
11 Mar 2022 — PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `... • https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0CVE-2022-23608 – Use after free in PJSIP
https://notcve.org/view.php?id=CVE-2022-23608
22 Feb 2022 — PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior su... • http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-43299 – Debian Security Advisory 5285-1
https://notcve.org/view.php?id=CVE-2021-43299
16 Feb 2022 — Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. Un desbordamiento de pila en la API de PJSUA cuando es llamado a pjsua_player_create. Un argumento "filename" controlado por un atacante puede causar un desbordamiento del búfer, ya que es copiado a un búfer de pila de tamaño fijo sin ninguna comprobación de tamaño Multiple security vulnerabilities ha... • https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-43300 – Debian Security Advisory 5285-1
https://notcve.org/view.php?id=CVE-2021-43300
16 Feb 2022 — Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. Un desbordamiento de pila en la API de PJSUA cuando es llamado a pjsua_recorder_create. Un argumento "filename" controlado por un atacante puede causar un desbordamiento del búfer ya que es copiado a un búfer de pila de tamaño fijo sin ninguna comprobación de tamaño Multiple security vulnerabilities... • https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-43301 – Debian Security Advisory 5285-1
https://notcve.org/view.php?id=CVE-2021-43301
16 Feb 2022 — Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. Un desbordamiento de pila en la API de PJSUA cuando es llamado a pjsua_playlist_create. Un argumento "file_names" controlado por un atacante puede causar un desbordamiento del búfer, ya que es copiado a un búfer de pila de tamaño fijo sin ninguna comprobación de tamaño Multiple security vulnerabil... • https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-43302 – Ubuntu Security Notice USN-6422-1
https://notcve.org/view.php?id=CVE-2021-43302
16 Feb 2022 — Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters. Una lectura fuera de límites en la API de PJSUA cuando es llamado a pjsua_recorder_create. Un argumento "filename" controlado por un atacante puede causar una lectura fuera de límites cuando el nombre del archivo es menor de 4 caracteres It was discovered that Ring incorrectly handled certain inputs. If a user or an aut... • https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-43303 – Ubuntu Security Notice USN-6422-1
https://notcve.org/view.php?id=CVE-2021-43303
16 Feb 2022 — Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied Un desbordamiento de búfer en la API de PJSUA cuando es llamado a pjsua_call_dump. Un argumento "buffer" controlado por un atacante puede causar un desbordamiento de búfer, ya que el suministro de un búfer de salida menor de 128 caracteres puede... • https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-21722 – Potential out-of-bound read during RTP/RTCP parsing in PJSIP
https://notcve.org/view.php?id=CVE-2022-21722
27 Jan 2022 — PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds. • https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a • CWE-125: Out-of-bounds Read •