CVE-2022-21723

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-21723

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21723.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-21723

Aliases

GHSA-7fw8-54cv-r7pm

Related

Published

2022-01-27T00:15:07Z

Modified

2024-12-05T15:32:09.127947Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the master branch. There are no known workarounds.

References

Affected packages

Alpine:v3.16 / pjproject

Package

Name: pjproject
Purl: pkg:apk/alpine/pjproject?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12-r0

Affected versions

1.*

1.0.1-r0

1.4-r0

1.4-r1

1.6-r0

1.6-r1

1.6-r2

1.10-r0

2.*

2.0-r0

2.1-r0

2.2-r0

2.2.1-r0

2.3-r0

2.4-r0

2.4.5-r0

2.5.5-r0

2.5.5-r1

2.5.5-r2

2.5.5-r3

2.5.5-r4

2.7.2-r0

2.7.2-r1

2.7.2-r2

2.7.2-r3

2.7.2-r4

2.8-r0

2.9-r0

2.11-r0

2.11.1-r0

2.11.1-r1

2.11.1-r2

Alpine:v3.17 / pjproject

Package

Name: pjproject
Purl: pkg:apk/alpine/pjproject?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12-r0

Affected versions

1.*

1.0.1-r0

1.4-r0

1.4-r1

1.6-r0

1.6-r1

1.6-r2

1.10-r0

2.*

2.0-r0

2.1-r0

2.2-r0

2.2.1-r0

2.3-r0

2.4-r0

2.4.5-r0

2.5.5-r0

2.5.5-r1

2.5.5-r2

2.5.5-r3

2.5.5-r4

2.7.2-r0

2.7.2-r1

2.7.2-r2

2.7.2-r3

2.7.2-r4

2.8-r0

2.9-r0

2.11-r0

2.11.1-r0

2.11.1-r1

2.11.1-r2

Alpine:v3.18 / pjproject

Package

Name: pjproject
Purl: pkg:apk/alpine/pjproject?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12-r0

Affected versions

1.*

1.0.1-r0

1.4-r0

1.4-r1

1.6-r0

1.6-r1

1.6-r2

1.10-r0

2.*

2.0-r0

2.1-r0

2.2-r0

2.2.1-r0

2.3-r0

2.4-r0

2.4.5-r0

2.5.5-r0

2.5.5-r1

2.5.5-r2

2.5.5-r3

2.5.5-r4

2.7.2-r0

2.7.2-r1

2.7.2-r2

2.7.2-r3

2.7.2-r4

2.8-r0

2.9-r0

2.11-r0

2.11.1-r0

2.11.1-r1

2.11.1-r2

Alpine:v3.19 / pjproject

Package

Name: pjproject
Purl: pkg:apk/alpine/pjproject?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12-r0

Affected versions

1.*

1.0.1-r0

1.4-r0

1.4-r1

1.6-r0

1.6-r1

1.6-r2

1.10-r0

2.*

2.0-r0

2.1-r0

2.2-r0

2.2.1-r0

2.3-r0

2.4-r0

2.4.5-r0

2.5.5-r0

2.5.5-r1

2.5.5-r2

2.5.5-r3

2.5.5-r4

2.7.2-r0

2.7.2-r1

2.7.2-r2

2.7.2-r3

2.7.2-r4

2.8-r0

2.9-r0

2.11-r0

2.11.1-r0

2.11.1-r1

2.11.1-r2

Alpine:v3.20 / pjproject

Package

Name: pjproject
Purl: pkg:apk/alpine/pjproject?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12-r0

Affected versions

1.*

1.0.1-r0

1.4-r0

1.4-r1

1.6-r0

1.6-r1

1.6-r2

1.10-r0

2.*

2.0-r0

2.1-r0

2.2-r0

2.2.1-r0

2.3-r0

2.4-r0

2.4.5-r0

2.5.5-r0

2.5.5-r1

2.5.5-r2

2.5.5-r3

2.5.5-r4

2.7.2-r0

2.7.2-r1

2.7.2-r2

2.7.2-r3

2.7.2-r4

2.8-r0

2.9-r0

2.11-r0

2.11.1-r0

2.11.1-r1

2.11.1-r2

Alpine:v3.21 / pjproject

Package

Name: pjproject
Purl: pkg:apk/alpine/pjproject?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12-r0

Affected versions

1.*

1.0.1-r0

1.4-r0

1.4-r1

1.6-r0

1.6-r1

1.6-r2

1.10-r0

2.*

2.0-r0

2.1-r0

2.2-r0

2.2.1-r0

2.3-r0

2.4-r0

2.4.5-r0

2.5.5-r0

2.5.5-r1

2.5.5-r2

2.5.5-r3

2.5.5-r4

2.7.2-r0

2.7.2-r1

2.7.2-r2

2.7.2-r3

2.7.2-r4

2.8-r0

2.9-r0

2.11-r0

2.11.1-r0

2.11.1-r1

2.11.1-r2

Debian:11 / asterisk

Package

Name: asterisk
Purl: pkg:deb/debian/asterisk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:16.28.0~dfsg-0+deb11u1

Affected versions

1:16.*

1:16.16.1~dfsg-1

1:16.16.1~dfsg-1+deb11u1~bpo10+1

1:16.16.1~dfsg-1+deb11u1

1:16.16.1~dfsg-2

1:16.16.1~dfsg-3

1:16.16.1~dfsg-4

1:16.16.1~dfsg+~2.10-1

1:16.16.1~dfsg+~2.10-2

1:16.23.0~dfsg+~2.10-1

1:16.23.0~dfsg+~cs6.10.20220309-1

1:16.23.0~dfsg+~cs6.10.20220309-2

1:16.23.0~dfsg+~cs6.10.40431411-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / ring

Package

Name: ring
Purl: pkg:deb/debian/ring?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20210112.2.b757bac~ds1-1+deb11u1

Affected versions

20210112.*

20210112.2.b757bac~ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ring

Package

Name: ring
Purl: pkg:deb/debian/ring?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20230206.0~ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/asterisk/asterisk

Affected ranges

Type: GIT
Repo: https://github.com/asterisk/asterisk
Events: Introduced

a65908f83e2f17a3aca7eb39c8e06045aca02674

Fixed

c28961a7d88cf065f693d1ea412c3e2b35e6d18e

Type: GIT
Repo: https://github.com/pjsip/pjproject
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

077b465c33f0aec05a49cd2ca456f9a1b112e896

Affected versions

2.*

2.10

2.11