CVE-2022-24792

PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
GitHub_MCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
teluupjsip
𝑥
≤ 2.12
debiandebian_linux
9.0
debiandebian_linux
10.0
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
asterisk
bullseye
1:16.28.0~dfsg-0+deb11u4
fixed
stretch
not-affected
bullseye (security)
1:16.28.0~dfsg-0+deb11u5
fixed
sid
1:22.0.0~dfsg+~cs6.14.60671435-1
fixed
ring
bullseye
unimportant
stretch
not-affected
bullseye (security)
unimportant
bookworm
20230206.0~ds2-1.1
fixed
sid
20231201.0~ds1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
asterisk
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
impish
ignored
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
pjproject
bionic
needs-triage
xenial
needs-triage
ring
noble
dne
mantic
ignored
lunar
ignored
impish
ignored
focal
needs-triage
bionic
needs-triage
Common Weakness Enumeration
References
https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213
https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799
https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
https://security.gentoo.org/glsa/202210-37
https://www.debian.org/security/2022/dsa-5285
https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213
https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799
https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
https://security.gentoo.org/glsa/202210-37
https://www.debian.org/security/2022/dsa-5285