CVE-2022-23547— PJSIP 缓冲区错误漏洞

Heap buffer overflow in pjproject when decoding STUN message

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

堆缓冲区溢出

PJSIP 缓冲区错误漏洞

PJSIP是一个免费和开源的多媒体通信库，用C语言编写，实现基于标准的协议，如SIP, SDP, RTP, STUN, TURN，和ICE。 PJSIP存在安全漏洞，该漏洞源于其解析STUN消息时可能覆盖缓冲区。

N/A

N/A