
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

PJSIP is a free and open source multimedia communication library written in C with a high-level API in C, C++, Java, C#, and Python. SRTP is a higher-level media transport that is stacked upon a lower-level media transport such as UDP or ICE. Currently, a higher-level transport is not synchronized with its lower-level transport, which may introduce a use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use an underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption.

• https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d
• https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66
• https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
• CWE-416: Use After Free

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use the PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise the PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record in `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`.

• https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5
• https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
• https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr
• https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html
• https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
• https://www.debian.org/security/2023/dsa-5438
• https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-122: Heap-based Buffer Overflow

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

PJSIP is a free and open source multimedia communication library written in C, implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. A buffer overread is possible when parsing a specially crafted STUN message with an unknown attribute. The vulnerability affects applications that use STUN, including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).

• https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
• https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
• https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
• CWE-122: Heap-based Buffer Overflow
• CWE-125: Out-of-bounds Read

CVSS: 9.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

PJSIP is a free and open source multimedia communication library written in C, implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1, a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by setting a STUN server in their account/media config at the PJSUA/PJSUA2 level or by directly using the `pjlib-util/stun_simple` API. A patch is available in commit 450baca, which should be included in the next release. There are no known workarounds for this issue.

• https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202
• https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
• https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
• https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
• https://security.gentoo.org/glsa/202210-37
• https://www.debian.org/security/2023/dsa-5358
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-787: Out-of-bounds Write

CVSS: 7.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with a length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only play trusted WAV files. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository.

• https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213
• https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799
• https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html
• https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
• https://security.gentoo.org/glsa/202210-37
• https://www.debian.org/security/2022/dsa-5285
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')