CVE-2022-24763

HIGH

PJSIP <2.12 - DoS

Title source: llm

Description

PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds.

References (8)

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html

[Third Party Advisory] https://security.gentoo.org/glsa/202210-37

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5285

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

[Patch, Third Party Advisory] https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21

View Patch ZIP pw:eip

[Patch, Third Party Advisory] https://github.com/pjsip/pjproject/security/advisories/GHSA-5x45-qp78-g4p4

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html

Scores

CVSS v3 7.5

EPSS 0.0140

EPSS Percentile 80.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-835

Status published

Products (4)

debian/debian_linux 9.0

debian/debian_linux 10.0

debian/debian_linux 11.0

pjsip/pjsip 2.5 - 2.13

Published Mar 30, 2022

Tracked Since Feb 18, 2026