CVE-2022-31031

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-31031
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31031.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-31031
Downstream
Related
  • GHSA-26j7-ww69-c4qj
Published
2022-06-09T16:15:08Z
Modified
2025-09-19T13:55:11.427091Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using pjlib-util/stun_simple API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue.

References

Affected packages

Alpine:v3.18

pjproject

Package

Name
pjproject
Purl
pkg:apk/alpine/pjproject?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.13-r0

Affected versions

1.*

1.0.1-r0
1.4-r0
1.4-r1
1.6-r0
1.6-r1
1.6-r2
1.10-r0

2.*

2.0-r0
2.1-r0
2.2-r0
2.2.1-r0
2.3-r0
2.4-r0
2.4.5-r0
2.5.5-r0
2.5.5-r1
2.5.5-r2
2.5.5-r3
2.5.5-r4
2.7.2-r0
2.7.2-r1
2.7.2-r2
2.7.2-r3
2.7.2-r4
2.8-r0
2.9-r0
2.11-r0
2.11.1-r0
2.11.1-r1
2.11.1-r2
2.12-r0
2.12.1-r0
2.12.1-r1
2.12.1-r2
2.12.1-r3

Alpine:v3.19

pjproject

Package

Name
pjproject
Purl
pkg:apk/alpine/pjproject?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.13-r0

Affected versions

1.*

1.0.1-r0
1.4-r0
1.4-r1
1.6-r0
1.6-r1
1.6-r2
1.10-r0

2.*

2.0-r0
2.1-r0
2.2-r0
2.2.1-r0
2.3-r0
2.4-r0
2.4.5-r0
2.5.5-r0
2.5.5-r1
2.5.5-r2
2.5.5-r3
2.5.5-r4
2.7.2-r0
2.7.2-r1
2.7.2-r2
2.7.2-r3
2.7.2-r4
2.8-r0
2.9-r0
2.11-r0
2.11.1-r0
2.11.1-r1
2.11.1-r2
2.12-r0
2.12.1-r0
2.12.1-r1
2.12.1-r2
2.12.1-r3

Alpine:v3.20

pjproject

Package

Name
pjproject
Purl
pkg:apk/alpine/pjproject?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.13-r0

Affected versions

1.*

1.0.1-r0
1.4-r0
1.4-r1
1.6-r0
1.6-r1
1.6-r2
1.10-r0

2.*

2.0-r0
2.1-r0
2.2-r0
2.2.1-r0
2.3-r0
2.4-r0
2.4.5-r0
2.5.5-r0
2.5.5-r1
2.5.5-r2
2.5.5-r3
2.5.5-r4
2.7.2-r0
2.7.2-r1
2.7.2-r2
2.7.2-r3
2.7.2-r4
2.8-r0
2.9-r0
2.11-r0
2.11.1-r0
2.11.1-r1
2.11.1-r2
2.12-r0
2.12.1-r0
2.12.1-r1
2.12.1-r2
2.12.1-r3

Alpine:v3.21

pjproject

Package

Name
pjproject
Purl
pkg:apk/alpine/pjproject?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.13-r0

Affected versions

1.*

1.0.1-r0
1.4-r0
1.4-r1
1.6-r0
1.6-r1
1.6-r2
1.10-r0

2.*

2.0-r0
2.1-r0
2.2-r0
2.2.1-r0
2.3-r0
2.4-r0
2.4.5-r0
2.5.5-r0
2.5.5-r1
2.5.5-r2
2.5.5-r3
2.5.5-r4
2.7.2-r0
2.7.2-r1
2.7.2-r2
2.7.2-r3
2.7.2-r4
2.8-r0
2.9-r0
2.11-r0
2.11.1-r0
2.11.1-r1
2.11.1-r2
2.12-r0
2.12.1-r0
2.12.1-r1
2.12.1-r2
2.12.1-r3

Alpine:v3.22

pjproject

Package

Name
pjproject
Purl
pkg:apk/alpine/pjproject?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.13-r0

Affected versions

1.*

1.0.1-r0
1.4-r0
1.4-r1
1.6-r0
1.6-r1
1.6-r2
1.10-r0

2.*

2.0-r0
2.1-r0
2.2-r0
2.2.1-r0
2.3-r0
2.4-r0
2.4.5-r0
2.5.5-r0
2.5.5-r1
2.5.5-r2
2.5.5-r3
2.5.5-r4
2.7.2-r0
2.7.2-r1
2.7.2-r2
2.7.2-r3
2.7.2-r4
2.8-r0
2.9-r0
2.11-r0
2.11.1-r0
2.11.1-r1
2.11.1-r2
2.12-r0
2.12.1-r0
2.12.1-r1
2.12.1-r2
2.12.1-r3

Git

github.com/pjsip/pjproject

Affected ranges

Type
GIT
Repo
https://github.com/pjsip/pjproject
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
450baca94f475345542c6953832650c390889202

Affected versions

2.*

2.10
2.11
2.12

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "18675985838574001591672348400044795040",
                    "200545929341133339176492842925854951894",
                    "71345757283245926026788890123809048397",
                    "211798829883131747519432289994270918858",
                    "256546572321531786175823060796245495320",
                    "176674116864836577417796026252013864768",
                    "35219471761988995358705221229101182948",
                    "100676641146409153927902959964396058321",
                    "64010385457529374259348921871547858181",
                    "171761158291525197135947210639399377618",
                    "132419225607288865818083473479881875173",
                    "205008093233970311751219738864899309652"
                ]
            },
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202",
            "id": "CVE-2022-31031-b211dd0b",
            "deprecated": false,
            "target": {
                "file": "pjlib-util/src/pjlib-util/stun_simple.c"
            }
        },
        {
            "digest": {
                "function_hash": "105640829199272616322361861027215462711",
                "length": 1569.0
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202",
            "id": "CVE-2022-31031-d5d5e7ab",
            "deprecated": false,
            "target": {
                "file": "pjlib-util/src/pjlib-util/stun_simple.c",
                "function": "pjstun_parse_msg"
            }
        }
    ]
}