CVE-2022-39244: Merge pull request from GHSA-fq45-m3f7-3mhj · pjsip/pjproject@c4d3498

PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13, the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affected by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. The issue has been patched; the fix is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue.

Merge pull request from GHSA-fq45-m3f7-3mhj

* Initial patch

* Use 'pj_scan_is_eof(scanner)'

Co-authored-by: Aaron Lichtman [email protected]

* Use 'pj_scan_is_eof(scanner)'

Co-authored-by: Aaron Lichtman [email protected]

* Use 'pj_scan_is_eof(scanner)'

Co-authored-by: Aaron Lichtman [email protected]

* Use `!pj_scan_is_eof` instead of manually checking `scanner->curptr < scanner->end`

Co-authored-by: Maksim Mukosey [email protected]

* Update pjlib-util/src/pjlib-util/scanner.c

Co-authored-by: Aaron Lichtman [email protected]

* Update pjlib-util/src/pjlib-util/scanner.c

Co-authored-by: Aaron Lichtman [email protected]

* Update pjlib-util/src/pjlib-util/scanner.c

Co-authored-by: Aaron Lichtman [email protected]

* Revert ‘>=’ back to ‘>’ in pj_scan_stricmp_alnum()

* Fix error compiles.

Co-authored-by: Nanang Izzuddin [email protected]
Co-authored-by: Aaron Lichtman [email protected]
Co-authored-by: Maksim Mukosey [email protected]
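
The commit message above prefers `pj_scan_is_eof` over hand-written `scanner->curptr < scanner->end` comparisons. The following is an added example, not code from PJSIP or from this commit, showing that pattern on a length-delimited buffer: one helper decides whether another byte may be read, and it is tested before every dereference. The names `mini_scanner`, `mini_scan_is_eof`, `mini_skip_ws`, `mini_get_token` and `demo_parse` are hypothetical, and the input bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical minimal scanner (not PJSIP's pj_scanner); end = one past last valid byte. */
typedef struct { const char *curptr, *end; } mini_scanner;

/* The single place that decides whether another byte may be read. */
static int mini_scan_is_eof(const mini_scanner *s) { return s->curptr >= s->end; }

/* Skip blanks; the EOF test precedes each dereference, so trailing blanks cannot pass end. */
static void mini_skip_ws(mini_scanner *s)
{
    while (!mini_scan_is_eof(s) && (*s->curptr == ' ' || *s->curptr == '\t'))
        s->curptr++;
}

/* Copy the next token (up to delim or end of input) into out; -1 if it does not fit. */
static int mini_get_token(mini_scanner *s, char delim, char *out, size_t out_sz)
{
    mini_skip_ws(s);
    const char *start = s->curptr;
    while (!mini_scan_is_eof(s) && *s->curptr != delim)
        s->curptr++;
    size_t len = (size_t)(s->curptr - start);
    if (len + 1 > out_sz) return -1;        /* refuse rather than overflow out */
    memcpy(out, start, len);
    out[len] = '\0';
    if (!mini_scan_is_eof(s)) s->curptr++;  /* consume delim only if present */
    return (int)len;
}

/* Parse "name: value" from n bytes that need not be NUL-terminated; 0 = all consumed. */
static int demo_parse(const char *buf, size_t n, char *name, char *value, size_t sz)
{
    mini_scanner s = { buf, buf + n };
    if (mini_get_token(&s, ':', name, sz) < 0) return -1;
    if (mini_get_token(&s, '\n', value, sz) < 0) return -1;
    return mini_scan_is_eof(&s) ? 0 : 1;
}

int main(void)
{
    const char raw[] = { 'T', 'o', ':', ' ', 'b', 'o', 'b' }; /* constructed, unterminated */
    char name[16], value[16];
    int rc = demo_parse(raw, sizeof raw, name, value, sizeof name);
    printf("rc=%d name=%s value=%s\n", rc, name, value);
    return 0;
}
```

Building it with `-fsanitize=address` and feeding inputs that end mid-token or in whitespace is a quick way to confirm that no read crosses `end`.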

Related news

Ubuntu Security Notice USN-6422-2

Ubuntu Security Notice 6422-2 - It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6422-1

Ubuntu Security Notice 6422-1 - It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Debian Security Advisory 5358-1

Debian Linux Security Advisory 5358-1 - Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for launching a denial of service attack or the execution of arbitrary code.

Gentoo Linux Security Advisory 202210-37

Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.
