Skip to content

Potential buffer overflow in pjlib scanner and pjmedia

Moderate
sauwming published GHSA-fq45-m3f7-3mhj Oct 3, 2022

Package

No package listed

Affected versions

2.12.1 or lower

Patched versions

2.13 or later

Description

Impact

The vulnerability affects applications that uses PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser.

Patches

The patch is available as commit c4d3498 in the master branch.

For more information

If you have any questions or comments about this advisory:
Email us at security@pjsip.org

Severity

Moderate

CVE ID

CVE-2022-39244

Weaknesses

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Learn more on MITRE.

Credits