CVE-2022-23537

Published: Dic 20, 2022 Last Modified: Nov 04, 2025 EU-VD ID: EUVD-2022-28560 Aliases: GSD-2022-23537
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: high

Description

AI Translation Available

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0037
Percentile
0,6th
Updated

EPSS Score Trend (Last 90 Days)

122

Heap-based Buffer Overflow

Draft
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality Access Control Other
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Execute Unauthorized Code Or Commands Bypass Protection Mechanism Modify Memory Other
Applicable Platforms
Languages: C, C++, Memory-Unsafe
Likelihood of Exploit: High
View CWE Details
125

Out-of-bounds Read

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Availability Other
Potential Impacts:
Read Memory Bypass Protection Mechanism Dos: Crash, Exit, Or Restart Varies By Context
Applicable Platforms
Languages: C, C++, Memory-Unsafe
Technologies: ICS/OT
View CWE Details
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Pjsip by Teluu

Product Information
Vendor Teluu
Product Pjsip
Version Range Affected
To 2.13.1 (exclusive)
cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/pjsip/pjproject/commit/d8440f4d711a654b5…
https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd…
https://github.com/pjsip/pjproject/security/advisories/GHSA…
https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
https://lists.debian.org/debian-lts-announce/2023/08/msg000…
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
https://lists.debian.org/debian-lts-announce/2024/09/msg000…
https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html
https://github.com/pjsip/pjproject/commit/d8440f4d711a654b5…
https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd…
https://github.com/pjsip/pjproject/security/advisories/GHSA…
https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
https://lists.debian.org/debian-lts-announce/2023/08/msg000…
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html