Home > Vulnerability Database > CVE-2022-39269

Mend.io Vulnerability Database

CVE-2022-39269

Date: October 6, 2022

PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability.

Language: C

Severity Score

9.1

Related Resources (9)

Url: https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc

Url: https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html

Url: https://www.cve.org/CVERecord?id=CVE-2022-39269

Url: https://www.debian.org/security/2023/dsa-5358

Url: https://security-tracker.debian.org/tracker/CVE-2022-39269

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-39269

Url: https://github.com/pjsip/pjproject/security/advisories/GHSA-wx5m-cj97-4wwg

Url: https://security.gentoo.org/glsa/202210-37

Url: https://www.mend.io/vulnerability-database/CVE-2022-39269

Severity Score

9.1

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Cleartext Transmission of Sensitive Information

CWE-319

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-39269

Date: October 6, 2022

Language: C

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?