跳转到帖子

Ubuntu: USN-6422-1 (CVE-2022-23537): Ring vulnerabilities

recommended_posts

发布于
  • Members

Ubuntu: USN-6422-1 (CVE-2022-23537): Ring vulnerabilities

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
12/20/2022
Created
10/11/2023
Added
10/10/2023
Modified
01/28/2025

Description

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).

Solution(s)

  • ubuntu-pro-upgrade-jami
  • ubuntu-pro-upgrade-jami-daemon
  • ubuntu-pro-upgrade-ring
  • ubuntu-pro-upgrade-ring-daemon

References

  • https://attackerkb.com/topics/cve-2022-23537
  • CVE - 2022-23537
  • USN-6422-1
  • 查看数 694
  • 已创建
  • 最后回复

参与讨论

你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

游客
回帖…