跳转到帖子

Debian: CVE-2022-23547: asterisk, ring -- security update

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

Debian: CVE-2022-23547: asterisk, ring -- security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
12/23/2022
Created
02/24/2023
Added
02/24/2023
Modified
01/28/2025

Description

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.

Solution(s)

  • debian-upgrade-asterisk
  • debian-upgrade-ring

References

  • https://attackerkb.com/topics/cve-2022-23547
  • CVE - 2022-23547
  • DLA-3335-1
  • DSA-5358-1
  • 引用
  • Mention
    • 查看数 696
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表