CVE-2022-24763

PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds.

Database specific

{
    "cwe_ids": [
        "CWE-835"
    ]
}

References

Affected packages

Git / github.com/pjsip/pjproject

Affected ranges

Type: GIT
Repo: https://github.com/pjsip/pjproject
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

856f87c2e97a27b256482dbe0d748b1194355a21

Affected versions

2.*

2.10

2.11

2.12

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21",
        "target": {
            "function": "xml_parse_node",
            "file": "pjlib-util/src/pjlib-util/xml.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "function_hash": "23112874292123438721122673683301241166",
            "length": 2419.0
        },
        "signature_version": "v1",
        "id": "CVE-2022-24763-010f5c90"
    },
    {
        "source": "https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21",
        "target": {
            "file": "pjlib-util/src/pjlib-util/xml.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "298137472848914754553705263002548042059",
                "256854082399797273380735969700505730638",
                "151671903702646675619882133541944850855",
                "166700460298304986497664136193760399315"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "id": "CVE-2022-24763-1d35935b"
    }
]