CVE-2022-31031

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue.

CVSS v3 9.8 CRITICAL
CVSS v2.0 6.8 MEDIUM

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202	Patch Third Party Advisory
https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html	Mailing List
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
https://security.gentoo.org/glsa/202210-37	Third Party Advisory
https://www.debian.org/security/2023/dsa-5358	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

History

No history.

Information

Published : 2022-06-09 16:15

Updated : 2023-08-30 01:15

NVD link : CVE-2022-31031

Mitre link : CVE-2022-31031

CVE.ORG link : CVE-2022-31031

JSON object : View

Products Affected

teluu

pjsip

debian

debian_linux

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-787

Out-of-bounds Write

{"id": "CVE-2022-31031", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-06-09T16:15:08.917", "references": [{"url": "https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html", "tags": ["Mailing List"], "source": "security-advisories@github.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html", "source": "security-advisories@github.com"}, {"url": "https://security.gentoo.org/glsa/202210-37", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://www.debian.org/security/2023/dsa-5358", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-120"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue."}, {"lang": "es", "value": "PJSIP es una librer\u00eda de comunicaci\u00f3n multimedia gratuita y de c\u00f3digo abierto escrita en lenguaje C que implementa protocolos basados en est\u00e1ndares como SIP, SDP, RTP, STUN, TURN e ICE. En las versiones anteriores a 2.12.1, inclusive, una vulnerabilidad de desbordamiento del b\u00fafer de la pila afecta a usuarios de PJSIP que usan STUN en sus aplicaciones, ya sea: estableciendo un servidor STUN en su cuenta/configuraci\u00f3n de medios en el nivel PJSUA/PJSUA2, o usando directamente la API \"pjlib-util/stun_simple\". Se presenta un parche disponible en el commit 450baca que deber\u00eda incluirse en la pr\u00f3xima versi\u00f3n. No se presentan mitigaciones conocidas para este problema"}], "lastModified": "2023-08-30T01:15:36.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB67AFA6-BEEF-4F44-A8BE-392745A0E41E", "versionEndIncluding": "2.12.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}