
=====================================================================

                              CERT-Renater

                    Information Note No. 2021/VULN126
_____________________________________________________________________

DATE                : 23/03/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running PJSIP versions 2.12 or lower.

=====================================================================
https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
_____________________________________________________________________


Potential stack buffer overflow when printing SDP into a buffer
Severity: Critical. Published by sauwming as GHSA-f5qg-pqcg-765m.

Package
No package listed

Affected versions
2.12 or lower

Patched versions
None


Description

Impact
This is a stack buffer overflow vulnerability. It affects PJSUA2 users
or users who directly call the API functions pjmedia_sdp_print() or
pjmedia_sdp_media_print(). Applications that do not use PJSUA2 and do
not directly call pjmedia_sdp_print() or pjmedia_sdp_media_print()
should not be affected.


Patches
The patch is available as commit 560a134 in the master branch.


For more information
If you have any questions or comments about this advisory:
Email us at security@pjsip.org


CVE ID
CVE-2022-24764

GHSA ID
GHSA-f5qg-pqcg-765m

Credits
Arash Taheri (@arasht94)
David Lie (@davidlie)


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================

