{"vulnerability": "CVE-2022-23537", "sightings": [{"uuid": "63d04037-c9ac-4d0d-95c7-4390e5dd377e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23537", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12055", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23537\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H)\n\ud83d\udd39 Description: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).\n\ud83d\udccf Published: 2022-12-20T18:50:45.398Z\n\ud83d\udccf Modified: 2025-04-16T14:52:55.716Z\n\ud83d\udd17 References:\n1. https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w\n2. https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1\n3. https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html", "creation_timestamp": "2025-04-16T14:56:23.000000Z"}, {"uuid": "b297bfb3-5738-4d00-bddd-f1b33d8fa9f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23537", "type": "seen", "source": "https://t.me/cibsecurity/54992", "content": "\u203c CVE-2022-23537 \u203c\n\nPJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T22:12:34.000000Z"}]}