CVE-2022-23608— Use after free in PJSIP
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-23608
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use after free in PJSIP
Source: NVD (National Vulnerability Database)
Vulnerability Description
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放后使用
Source: NVD (National Vulnerability Database)
Vulnerability Title
PJSIP 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PJSIP是一个免费和开源的多媒体通信库,用C语言编写,实现基于标准的协议,如SIP, SDP, RTP, STUN, TURN,和ICE。 PJSIP 存在资源管理错误漏洞,该漏洞源于在2.11.1之前的版本中,在对话框集(或分叉)场景中,多个UAC对话框共享的哈希键可能会在其中一个对话框被销毁时提前释放。攻击者可利用该漏洞导致一个对话框集在哈希表中注册多次(使用不同的哈希键),从而导致未定义的行为,如对话列表冲突,最终导致无尽的循环。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2022-23608
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-23608
请登录查看更多情报信息。
- https://www.debian.org/security/2022/dsa-5285vendor-advisory
- https://security.gentoo.org/glsa/202210-37vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-23608
IV. Related Vulnerabilities
Same product: pjproject
- CVE-2026-42225
GnuTLS backend silently skips certificate chain verification - CVE-2026-41416
PJSIP: Asymmetric ptime integer overflow in Media Stream - CVE-2026-41415
PJSIP: SIP Multipart CID URI Length Underflow - CVE-2026-40892
PJSIP: Stack buffer overflow in pjsip_auth_create_digest2() - CVE-2026-40614
PJSIP: Heap buffer overflow in Opus codec decoding
Same vendor: pjsip
- CVE-2026-42225
GnuTLS backend silently skips certificate chain verification - CVE-2026-41416
PJSIP: Asymmetric ptime integer overflow in Media Stream - CVE-2026-41415
PJSIP: SIP Multipart CID URI Length Underflow - CVE-2026-40892
PJSIP: Stack buffer overflow in pjsip_auth_create_digest2() - CVE-2026-40614
PJSIP: Heap buffer overflow in Opus codec decoding
V. Comments for CVE-2022-23608
No comments yet