CVE-2022-24763

Name
CVE-2022-24763
Description
PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
CONFIRM https://github.com/pjsip/pjproject/security/advisories/GHSA-5x45-qp78-g4p4
MISC https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21
MLIST https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html
Third Party Advisory https://security.gentoo.org/glsa/202210-37
MLIST https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
DEBIAN https://www.debian.org/security/2022/dsa-5285
MLIST https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*:* pjsip >= None <= 2.12

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
pjproject 3.16-main 2.12.1-r0 Natanael Copa <ncopa@alpinelinux.org> fixed