CVE-2022-39269

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-39269

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39269.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-39269

Aliases

GHSA-wx5m-cj97-4wwg

Related

Published

2022-10-06T18:16:13Z

Modified

2024-12-05T15:33:33.589179Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Alpine:v3.18 / pjproject

Package

Name: pjproject
Purl: pkg:apk/alpine/pjproject?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13-r0

Affected versions

1.*

1.0.1-r0

1.4-r0

1.4-r1

1.6-r0

1.6-r1

1.6-r2

1.10-r0

2.*

2.0-r0

2.1-r0

2.2-r0

2.2.1-r0

2.3-r0

2.4-r0

2.4.5-r0

2.5.5-r0

2.5.5-r1

2.5.5-r2

2.5.5-r3

2.5.5-r4

2.7.2-r0

2.7.2-r1

2.7.2-r2

2.7.2-r3

2.7.2-r4

2.8-r0

2.9-r0

2.11-r0

2.11.1-r0

2.11.1-r1

2.11.1-r2

2.12-r0

2.12.1-r0

2.12.1-r1

2.12.1-r2

2.12.1-r3

Alpine:v3.19 / pjproject

Package

Name: pjproject
Purl: pkg:apk/alpine/pjproject?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13-r0

Affected versions

1.*

1.0.1-r0

1.4-r0

1.4-r1

1.6-r0

1.6-r1

1.6-r2

1.10-r0

2.*

2.0-r0

2.1-r0

2.2-r0

2.2.1-r0

2.3-r0

2.4-r0

2.4.5-r0

2.5.5-r0

2.5.5-r1

2.5.5-r2

2.5.5-r3

2.5.5-r4

2.7.2-r0

2.7.2-r1

2.7.2-r2

2.7.2-r3

2.7.2-r4

2.8-r0

2.9-r0

2.11-r0

2.11.1-r0

2.11.1-r1

2.11.1-r2

2.12-r0

2.12.1-r0

2.12.1-r1

2.12.1-r2

2.12.1-r3

Alpine:v3.20 / pjproject

Package

Name: pjproject
Purl: pkg:apk/alpine/pjproject?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13-r0

Affected versions

1.*

1.0.1-r0

1.4-r0

1.4-r1

1.6-r0

1.6-r1

1.6-r2

1.10-r0

2.*

2.0-r0

2.1-r0

2.2-r0

2.2.1-r0

2.3-r0

2.4-r0

2.4.5-r0

2.5.5-r0

2.5.5-r1

2.5.5-r2

2.5.5-r3

2.5.5-r4

2.7.2-r0

2.7.2-r1

2.7.2-r2

2.7.2-r3

2.7.2-r4

2.8-r0

2.9-r0

2.11-r0

2.11.1-r0

2.11.1-r1

2.11.1-r2

2.12-r0

2.12.1-r0

2.12.1-r1

2.12.1-r2

2.12.1-r3

Alpine:v3.21 / pjproject

Package

Name: pjproject
Purl: pkg:apk/alpine/pjproject?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13-r0

Affected versions

1.*

1.0.1-r0

1.4-r0

1.4-r1

1.6-r0

1.6-r1

1.6-r2

1.10-r0

2.*

2.0-r0

2.1-r0

2.2-r0

2.2.1-r0

2.3-r0

2.4-r0

2.4.5-r0

2.5.5-r0

2.5.5-r1

2.5.5-r2

2.5.5-r3

2.5.5-r4

2.7.2-r0

2.7.2-r1

2.7.2-r2

2.7.2-r3

2.7.2-r4

2.8-r0

2.9-r0

2.11-r0

2.11.1-r0

2.11.1-r1

2.11.1-r2

2.12-r0

2.12.1-r0

2.12.1-r1

2.12.1-r2

2.12.1-r3

Debian:11 / asterisk

Package

Name: asterisk
Purl: pkg:deb/debian/asterisk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:16.28.0~dfsg-0+deb11u2

Affected versions

1:16.*

1:16.16.1~dfsg-1

1:16.16.1~dfsg-1+deb11u1~bpo10+1

1:16.16.1~dfsg-1+deb11u1

1:16.16.1~dfsg-2

1:16.16.1~dfsg-3

1:16.16.1~dfsg-4

1:16.16.1~dfsg+~2.10-1

1:16.16.1~dfsg+~2.10-2

1:16.23.0~dfsg+~2.10-1

1:16.23.0~dfsg+~cs6.10.20220309-1

1:16.23.0~dfsg+~cs6.10.20220309-2

1:16.23.0~dfsg+~cs6.10.40431411-1

1:16.28.0~dfsg-0+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ring

Package

Name: ring
Purl: pkg:deb/debian/ring?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20230206.0~ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/pjsip/pjproject

Affected ranges

Type: GIT
Repo: https://github.com/pjsip/pjproject
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d2acb9af4e27b5ba75d658690406cec9c274c5cc

Affected versions

2.*

2.10

2.11

2.12