PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.
{
"cwe_ids": [
"CWE-416"
]
}[
{
"source": "https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f",
"target": {
"function": "pjsip_ua_register_dlg",
"file": "pjsip/src/pjsip/sip_ua_layer.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-23608-355230e4",
"signature_type": "Function",
"digest": {
"length": 1293.0,
"function_hash": "70864365647463181531377157832882948337"
}
},
{
"source": "https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f",
"target": {
"file": "pjsip/src/pjsip/sip_ua_layer.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-23608-72a4e833",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"35044963737909182750976988013543151585",
"274144572850971968984223178129741964378",
"327866941129416586371485987256680653042",
"278964308653987790508818723557346007876",
"118617777954467364660685834425431110951",
"39842029878659853167124900145533447634",
"233583658050670777957317585774738673718",
"152376793907742555565342316863043999706",
"81034486586616770828769400067039068473",
"331762626478723345717002742214489832028",
"329744869666591730109847079269929734320",
"100483151796278282844702008557340325697",
"262966323463297120054712802588079457600",
"188241175192256331206783565689951138161",
"106471595696240651924335432149740784991",
"233583658050670777957317585774738673718",
"165310500601666153320010031136945376552",
"152376793907742555565342316863043999706",
"81034486586616770828769400067039068473",
"79050953633119509235323932178218138010",
"265623418085474705873340500298327138396",
"234472024739533618775547351440906541130",
"37774906820175420339822954680670494402",
"268477980689351220442711958497006533322",
"322982064135337224451875461834467683015",
"258195686411967309294252780938776064437",
"266785147904183242574817808076079443858",
"183780306884699047150813257099414824076",
"224370694348844285127264539487701550048"
]
}
},
{
"source": "https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f",
"target": {
"function": "pjsip_ua_unregister_dlg",
"file": "pjsip/src/pjsip/sip_ua_layer.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-23608-c5a425ce",
"signature_type": "Function",
"digest": {
"length": 796.0,
"function_hash": "211805886419818402529225624580225128528"
}
}
]