{"vulnerability": "GHSA-9PFH-R8X4-W26W", "sightings": [{"uuid": "497c1d24-033b-4166-a9b4-768e13dfeed4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-9PFH-R8X4-W26W", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12055", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23537\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H)\n\ud83d\udd39 Description: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).\n\ud83d\udccf Published: 2022-12-20T18:50:45.398Z\n\ud83d\udccf Modified: 2025-04-16T14:52:55.716Z\n\ud83d\udd17 References:\n1. https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w\n2. https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1\n3. https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html", "creation_timestamp": "2025-04-16T14:56:23.000000Z"}, {"uuid": "566bf0af-44b8-47f6-b54e-9fc8ac4196d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-9PFH-R8X4-W26W", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11751", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23547\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H)\n\ud83d\udd39 Description: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.\n\ud83d\udccf Published: 2022-12-23T14:00:22.817Z\n\ud83d\udccf Modified: 2025-04-15T03:12:28.456Z\n\ud83d\udd17 References:\n1. https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr\n2. https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w\n3. https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36\n4. https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html", "creation_timestamp": "2025-04-15T03:54:32.000000Z"}, {"uuid": "78713d8a-a580-46af-aa5a-b298ac79914d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-9PFH-R8X4-W26W", "type": "seen", "source": "https://t.me/cibsecurity/55253", "content": "\u203c CVE-2022-23547 \u203c\n\nPJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-23T18:14:45.000000Z"}]}