Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-39269

Опубликовано: 06 окт. 2022
Источник: debian
EPSS Низкий

Описание

PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
asteriskfixed1:20.3.0~dfsg+~cs6.13.40431413-1package
pjprojectremovedpackage
ringfixed20230206.0~ds1-1package
ringnot-affectedbullseyepackage
ringnot-affectedbusterpackage

Примечания

  • https://github.com/pjsip/pjproject/security/advisories/GHSA-wx5m-cj97-4wwg

  • Introduced by: https://github.com/pjsip/pjproject/commit/db4f8f23b9962b4e567faa0784608174376ead8f (2.11)

  • Fixed by: https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc (2.13)

EPSS

Процентиль: 24%
0.0008
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-39269

CVSS3: 9.1
ubuntu
около 3 лет назад

PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability.

nvd логотип

CVE-2022-39269

CVSS3: 9.1
nvd
около 3 лет назад

PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability.

fstec логотип

BDU:2022-06662

CVSS3: 9.1
fstec
около 3 лет назад

Уязвимость мультимедийной коммуникационной библиотеки PJSIP, связанная с неправильным переключением транспортов мультимедиа SRTP на использование базового RTP после перезапуска SRTP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

redos логотип

ROS-20221103-02

CVSS3: 9.8
redos
около 3 лет назад

Множественные уязвимости PJSIP

EPSS

Процентиль: 24%
0.0008
Низкий