1. CVE-Search
  2. CVE-2022-24786
ID CVE-2022-24786
Summary PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.
References
Vulnerable Configurations
  • cpe:2.3:a:pjsip:pjsip:-:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:-:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.5.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.5.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.5.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.5.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.5.10:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.5.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.5.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.5.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.5.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.5.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.5.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.5.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.5.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.7.0:-:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.7.0:-:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.0:-:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.6:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.7:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.8:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.8.10:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.8.10:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.10:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.12:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.14:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.14.2:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:1.16:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.0:-:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.3:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.4:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.6:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.7:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.8:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.9:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.10:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.11:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pjsip:pjsip:2.12:*:*:*:*:*:*:*
    cpe:2.3:a:pjsip:pjsip:2.12:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 02-02-2023 - 18:30)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
Last major update 02-02-2023 - 18:30
Published 06-04-2022 - 14:15
Last modified 02-02-2023 - 18:30
Back to Top