CVE-2022-39269— Media transport downgrade from the secure version (SRTP) to non-secure (RTP) in pjsip

CVSS 9.1 · Critical EPSS 0.22% · P44 Updated Apr 29, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-39269

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Media transport downgrade from the secure version (SRTP) to non-secure (RTP) in pjsip

Source: NVD (National Vulnerability Database)

Vulnerability Description

PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

敏感数据的明文传输

Source: NVD (National Vulnerability Database)

Vulnerability Title

PJSIP 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

PJSIP是一个免费和开源的多媒体通信库，用C语言编写，实现基于标准的协议，如SIP, SDP, RTP, STUN, TURN，和ICE。 PJSIP存在安全漏洞，该漏洞源于其在处理某些报文时，当SRTP重新启动后，PJSIP可能会错误地从使用SRTP媒体传输切换到使用基本RTP媒体传输，导致媒体发送不安全。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
pjsip	pjproject	>= 2.11, < 2.13	-

II. Public POCs for CVE-2022-39269

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-39269

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: pjproject

Same vendor: pjsip

Same weakness: CWE-319

V. Comments for CVE-2022-39269

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-39269— Media transport downgrade from the secure version (SRTP) to non-secure (RTP) in pjsip

I. Basic Information for CVE-2022-39269

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-39269

III. Intelligence Information for CVE-2022-39269

IV. Related Vulnerabilities

V. Comments for CVE-2022-39269

Leave a comment