Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-24754

Опубликовано: 11 мар. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.5
CVSS3: 8.5

Описание

PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type PJSIP_CRED_DATA_DIGEST). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to PJSIP_MD5STRLEN before passing to PJSIP.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
esm-apps/bionic

needs-triage

esm-apps/xenial

needs-triage

trusty

ignored

end of standard support
upstream

needs-triage

xenial

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

DNE

esm-apps/bionic

released

20180228.1.503da2b~ds1-1ubuntu0.1~esm1
esm-apps/focal

released

20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
focal

released

20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
impish

ignored

end of life
lunar

not-affected

20230206.0~ds1-5
mantic

not-affected

20230206.0~ds2-1.3
noble

DNE

oracular

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 63%
0.00465
Низкий

7.5 High

CVSS2

8.5 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2022-24754

CVSS3: 8.5
nvd
больше 3 лет назад

PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP.

debian логотип

CVE-2022-24754

CVSS3: 8.5
debian
больше 3 лет назад

PJSIP is a free and open source multimedia communication library writt ...

fstec логотип

BDU:2022-03168

CVSS3: 8.5
fstec
больше 3 лет назад

Уязвимость реализации функции pjsip_auth_create_digest() мультимедийной коммуникационной библиотеки PJSIP, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

redos логотип

ROS-20220518-03

redos
около 3 лет назад

Множественные уязвимости pjproject

EPSS

Процентиль: 63%
0.00465
Низкий

7.5 High

CVSS2

8.5 High

CVSS3

Уязвимость CVE-2022-24754