CVE-2022-24786

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-24786
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24786.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-24786
Aliases
  • GHSA-vhxv-phmx-g52q
Downstream
Published
2022-04-06T00:00:00Z
Modified
2026-05-14T12:03:26.681345385Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Potential out-of-bound read/write in PJSIP
Details

PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmediartcpfbparserpsi() will be affected. A patch is available in the master branch of the pjsip/pjproject GitHub repository. There are currently no known workarounds.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24786.json",
    "cwe_ids": [
        "CWE-125",
        "CWE-787"
    ]
}
References

Affected packages

Git / github.com/pjsip/pjproject

Affected ranges

Type
GIT
Repo
https://github.com/pjsip/pjproject
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
99660f6addf0072a1e01c3ba630e3701921add9e
Database specific 
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.12"
        }
    ]
}

Affected versions

2.*
2.10
2.11
2.12

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24786.json"