Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-23537

Опубликовано: 20 дек. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 6.5

Описание

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).

РелизСтатусПримечание
bionic

not-affected

code nor present
devel

needs-triage

esm-apps/bionic

not-affected

code nor present
esm-apps/focal

not-affected

code nor present
esm-apps/jammy

needed

esm-apps/noble

needs-triage

esm-apps/xenial

needs-triage

focal

not-affected

code nor present
jammy

needed

kinetic

not-affected

code nor present

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
esm-apps/bionic

needed

esm-apps/xenial

needs-triage

esm-infra/focal

DNE

focal

DNE

jammy

DNE

kinetic

DNE

trusty

ignored

end of standard support
upstream

needs-triage

xenial

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
devel

DNE

esm-apps/bionic

released

20180228.1.503da2b~ds1-1ubuntu0.1~esm1
esm-apps/focal

released

20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
focal

released

20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
jammy

DNE

kinetic

DNE

lunar

not-affected

20230206.0~ds1-5
mantic

not-affected

20230206.0~ds2-1.3
noble

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

kinetic

DNE

trusty

ignored

end of standard support
upstream

needs-triage

xenial

ignored

end of standard support

Показывать по

Ссылки на источники

EPSS

Процентиль: 41%
0.00191
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2022-23537

CVSS3: 6.5
nvd
больше 2 лет назад

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).

debian логотип

CVE-2022-23537

CVSS3: 6.5
debian
больше 2 лет назад

PJSIP is a free and open source multimedia communication library writt ...

fstec логотип

BDU:2022-07479

CVSS3: 6.5
fstec
больше 2 лет назад

Уязвимость мультимедиа библиотеки PJSIP, связанная с переполнением буфера в динамической памяти, позволяющая нарушителю выполнить произвольный код в целевой системе

redos логотип

ROS-20221227-02

CVSS3: 6.5
redos
больше 2 лет назад

Уязвимость pjproject

EPSS

Процентиль: 41%
0.00191
Низкий

6.5 Medium

CVSS3

Уязвимость CVE-2022-23537