PJSIP is a free and open source multimedia communication library written in C. PJSIP versions up to and including 2.12 contain a stack buffer overflow vulnerability that only affects PJSIP users who accept hashed digest credentials (credentials with data_type PJSIP_CRED_DATA_DIGEST). The issue has been patched in the master branch of the PJSIP repository, and the fix will be included in the next release. Users who are unable to upgrade should verify that the length of the hashed digest data is exactly PJSIP_MD5STRLEN before passing it to PJSIP, and should not pass a credential of any other length.
{
"cwe_ids": [
"CWE-120"
]
}[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"299709311873608880988636980742695464174",
"21132021110159453837357094061206524990",
"175235747002450925360748944550633140623",
"53651555075693628937070254714905623725",
"319023144680460019869710402161431358443",
"106147087297585284636659469915616770521",
"57396927823695453249183366179384935478",
"290753011912600507561802673292980787819",
"149248161753406939423559045031533028501",
"156636241931698883008699077916843830348",
"221414907044905307170300040543307656407",
"222970373177366380371470508801480012972",
"243214901310204531526097904885272190982",
"230041218211099497348857410262718506825",
"135349389105438244115321296346845134079",
"125848110818998147133357429185634416478",
"218567861510236212098921142465771812177",
"289045686244688161745219329064037059425",
"47143129881767005743826879243880772892",
"15844686209243868257683620166399251725",
"186727829927895096419588063123912527960",
"329423712444533618661582743285352574716"
]
},
"target": {
"file": "pjsip/src/pjsip/sip_auth_aka.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47",
"id": "CVE-2022-24754-09e9e58a"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"127552057055220083890816550508220109062",
"91621638760567993974657839912469334622",
"160721926611612678508243652513833616843",
"240888577185830077805007716856733299688",
"235528526870395130326396853882396535302",
"178072715449166534323518089856372074363",
"191438391579901834080632174740888308246",
"35812943875898568257213428124828873289",
"12445385296682089902395049039351825883",
"13927135657463034826122165689244649037",
"5314942704111016561485380214551975699"
]
},
"target": {
"file": "pjsip/include/pjsip/sip_auth.h"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47",
"id": "CVE-2022-24754-31dd1a54"
},
{
"digest": {
"length": 2095.0,
"function_hash": "193403478551700848744184750211318234695"
},
"target": {
"function": "pjsip_auth_create_digest",
"file": "pjsip/src/pjsip/sip_auth_client.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47",
"id": "CVE-2022-24754-527d3e78"
},
{
"digest": {
"length": 930.0,
"function_hash": "161017084494128264196437867381472270636"
},
"target": {
"function": "pjsip_auth_verify",
"file": "pjsip/src/pjsip/sip_auth_server.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47",
"id": "CVE-2022-24754-5d771c3b"
},
{
"digest": {
"length": 2393.0,
"function_hash": "326416517246919267048869581302434904226"
},
"target": {
"function": "pjsip_auth_create_digestSHA256",
"file": "pjsip/src/pjsip/sip_auth_client.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47",
"id": "CVE-2022-24754-6d998651"
},
{
"digest": {
"length": 546.0,
"function_hash": "43545456541552402077718747936953011369"
},
"target": {
"function": "pjsua_init_tpselector",
"file": "pjsip/src/pjsua-lib/pjsua_core.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47",
"id": "CVE-2022-24754-96ea7ec0"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"299324814416343543571757817326165202294",
"256166016884312026402124906095048333763",
"291725667466502172956620567310887881710",
"244829362517469787970947648338750558324"
]
},
"target": {
"file": "pjsip/src/pjsua-lib/pjsua_core.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47",
"id": "CVE-2022-24754-d4df6836"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"95307009860509129960560266534071745590",
"303331917024133179334646894383753551461",
"33200503177742851277560014746584853177",
"327168562757884382986525338077633273736",
"234765433886472583158333848610253192311",
"80224222316804034161446718762421397438",
"319510872813167541266065731009450288387",
"305689425947208245683449235787110381166",
"170323786618635740249767696414447335669",
"227219934042793132927066209752302106395",
"143131811185387386453370571323336087445"
]
},
"target": {
"file": "pjsip/src/pjsip/sip_auth_server.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47",
"id": "CVE-2022-24754-e0dc2a3b"
},
{
"digest": {
"length": 3735.0,
"function_hash": "316532123808513179049598314143826768838"
},
"target": {
"function": "pjsip_auth_create_aka_response",
"file": "pjsip/src/pjsip/sip_auth_aka.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47",
"id": "CVE-2022-24754-e8a4ac96"
},
{
"digest": {
"length": 2845.0,
"function_hash": "58612058819281644506436380980114981734"
},
"target": {
"function": "respond_digest",
"file": "pjsip/src/pjsip/sip_auth_client.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47",
"id": "CVE-2022-24754-efd2039e"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"129007404223081355569279857001359517210",
"148103138827750535100809059179281238831",
"140872972899068844689380460735039345019",
"197336857198129548166294622601880812675",
"235528526870395130326396853882396535302",
"178072715449166534323518089856372074363",
"191438391579901834080632174740888308246",
"35812943875898568257213428124828873289",
"38922946807880747353738175684201721756",
"175629687072950732662345660179761410559",
"96337523701056546404814340465987193558",
"186795348131012735069534514966008853851",
"136271400945968952686102528127097627684",
"273155399320214154825553174523945036686",
"266402998607369725301257178557449968800",
"142187337169602350560179703839388464809",
"284028682419841529722557231845458601820",
"172034340996308385347585106436303097746",
"150915179858999480422407539848543749386",
"200487468730075082661208002668781382872",
"26438063097519752225916118592982858722",
"58325348224149257418589618891699167954",
"199208029378941161779698593396364233770",
"80902009835596586330952109022999738381",
"189866088870383006487868462858445876340",
"248535431231652045404363195556401223180",
"301286528795969933392072327863189548604",
"240639140101793144357722267177821654396",
"142187337169602350560179703839388464809",
"284028682419841529722557231845458601820",
"100938276335210479326103081557462111707",
"73056333916544673455367935001129775206",
"43617085702140317290165527882027012306",
"140406807938132590108112090280939984394",
"164750884065599966374857189874672896520",
"37520016214645960705384507672007936439",
"268871096259333787879392378310234569610",
"314215540569679520543591439573713768875",
"214182602395579473802815561036868975382",
"245834873060523651769253972492333565471",
"5477344550756524549779931453315935341",
"284797472272498997295071519140016313266",
"125287657033826934400923259295421157595",
"87331820121713681744514647174116496314",
"207709037486222873007256855542520868813",
"67581944292747873271074475991451135331",
"125562384544312494927789251061716728643",
"280780336817347750798757675498652125459",
"266518885114482179965110974435584014900",
"15255620025737344812324059885867437618",
"280461626524850351438469834240632116672",
"5477344550756524549779931453315935341",
"94403232902452911798600831123668280417",
"52274894352646868827625186777162535040",
"248626396475163284743303245520251021167",
"200275248188335186631209392542051503954",
"144337981150845925292732799271238955273",
"197027431603965822675305083419595989785",
"329025692917649332323625675752738623362",
"284387742252265801411590215417906017381",
"260192736690556203765856357137809903848",
"338885731672668099010170293648019508200",
"144337981150845925292732799271238955273",
"10129492493559366802851649302570180529",
"137833553310127616346639802288297103671",
"317783544775551967948629360062908363544",
"296441803874759078961826599977186502205",
"21214352845719137033646023319690826875",
"82012062592255314118137714038488112838",
"78567939356946561319398206500180039304"
]
},
"target": {
"file": "pjsip/src/pjsip/sip_auth_client.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47",
"id": "CVE-2022-24754-f4c3e16a"
}
]