UBUNTU-CVE-2022-39269

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-39269

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-39269.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-39269

Upstream

CVE-2022-39269

Published

2022-10-06T18:16:00Z

Modified

2025-07-14T07:15:47.943027Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Ubuntu:Pro:16.04:LTS / asterisk

Package

Name: asterisk
Purl: pkg:deb/ubuntu/asterisk@1:13.1.0~dfsg-1.1ubuntu4.1+esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:13.*

1:13.1.0~dfsg-1.1ubuntu3

1:13.1.0~dfsg-1.1ubuntu4

1:13.1.0~dfsg-1.1ubuntu4.1

1:13.1.0~dfsg-1.1ubuntu4.1+esm1

Ubuntu:Pro:16.04:LTS / pjproject

Package

Name: pjproject
Purl: pkg:deb/ubuntu/pjproject@2.1.0.0.ast20130823-1+deb8u1build0.16.04.1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.0.0.ast20130823-1

2.1.0.0.ast20130823-1+deb8u1build0.16.04.1

Ubuntu:Pro:18.04:LTS / asterisk

Package

Name: asterisk
Purl: pkg:deb/ubuntu/asterisk@1:13.18.3~dfsg-1ubuntu4?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:13.*

1:13.17.2~dfsg-1ubuntu1

1:13.17.2~dfsg-2ubuntu1

1:13.18.1~dfsg-1ubuntu1

1:13.18.3~dfsg-1ubuntu1

1:13.18.3~dfsg-1ubuntu2

1:13.18.3~dfsg-1ubuntu3

1:13.18.3~dfsg-1ubuntu4

Ubuntu:Pro:18.04:LTS / pjproject

Package

Name: pjproject
Purl: pkg:deb/ubuntu/pjproject@2.7.2~dfsg-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.6~dfsg-2

2.7~dfsg-1

2.7.1~dfsg-1

2.7.1~dfsg-1build1

2.7.2~dfsg-1

Ubuntu:Pro:18.04:LTS / ring

Package

Name: ring
Purl: pkg:deb/ubuntu/ring@20180228.1.503da2b~ds1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

20170803.*

20170803.2.5fcfe3f~dfsg1-1

20171024.*

20171024.1.eadbdeb~ds1-1

20171129.*

20171129.2.cf5bbff~ds1-1

20171129.2.cf5bbff~ds1-2

20180119.*

20180119.1.9e06f94~ds1-1

20180119.1.9e06f94~ds1-3

20180222.*

20180222.1.7bffde2~ds2-2

20180228.*

20180228.1.503da2b~ds1-1

20180228.1.503da2b~ds1-1build1

20180228.1.503da2b~ds1-1ubuntu0.1~esm1

Ubuntu:Pro:20.04:LTS / asterisk

Package

Name: asterisk
Purl: pkg:deb/ubuntu/asterisk@1:16.2.1~dfsg-2ubuntu1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:16.*

1:16.2.1~dfsg-2build2

1:16.2.1~dfsg-2build3

1:16.2.1~dfsg-2ubuntu1

Ubuntu:Pro:20.04:LTS / ring

Package

Name: ring
Purl: pkg:deb/ubuntu/ring@20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

20190215.*

20190215.1.f152c98~ds1-1

20190215.1.f152c98~ds1-1build1

20190215.1.f152c98~ds1-1build2

20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1

Ubuntu:22.04:LTS / asterisk

Package

Name: asterisk
Purl: pkg:deb/ubuntu/asterisk@1:18.10.0~dfsg+~cs6.10.40431411-2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:16.*

1:16.16.1~dfsg-2

1:16.16.1~dfsg-4

1:16.16.1~dfsg-4build1

1:16.16.1~dfsg+~2.10-1

1:18.*

1:18.10.0~dfsg+~cs6.10.40431411-2

Ubuntu:24.04:LTS / asterisk

Package

Name: asterisk
Purl: pkg:deb/ubuntu/asterisk@1:20.6.0~dfsg+~cs6.13.40431414-2build5?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:20.*

1:20.4.0~dfsg+~cs6.13.40431414-2

1:20.5.0~dfsg+~cs6.13.40431414-1

1:20.5.1~dfsg+~cs6.13.40431414-1

1:20.5.2~dfsg+~cs6.13.40431414-1

1:20.6.0~dfsg+~cs6.13.40431414-1

1:20.6.0~dfsg+~cs6.13.40431414-2

1:20.6.0~dfsg+~cs6.13.40431414-2build3

1:20.6.0~dfsg+~cs6.13.40431414-2build4

1:20.6.0~dfsg+~cs6.13.40431414-2build5

Ubuntu:25.04 / asterisk

Package

Name: asterisk
Purl: pkg:deb/ubuntu/asterisk@1:22.2.0~dfsg+~cs6.15.60671435-2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:20.*

1:20.8.1~dfsg+~cs6.14.40431414-1

1:22.*

1:22.0.0~dfsg+~cs6.14.60671435-1

1:22.1.0~dfsg+~cs6.14.60671435-1

1:22.1.1~dfsg+~cs6.14.60671435-1

1:22.2.0~dfsg+~cs6.15.60671435-1

1:22.2.0~dfsg+~cs6.15.60671435-2