
=====================================================================

                               CERT-Renater

                    Information Note No. 2022/VULN361

_____________________________________________________________________

DATE                : 07/10/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running PJSIP versions prior to 2.13.

=====================================================================
https://github.com/pjsip/pjproject/security/advisories/GHSA-wx5m-cj97-4wwg
https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj
_____________________________________________________________________

Potential media transport downgrade from the secure version (SRTP)
to the non-secure one (RTP)
Critical: sauwming published GHSA-wx5m-cj97-4wwg

Package
No package listed

Affected versions
from 2.11 until 2.12.1

Patched versions
2.13 or later


Description
When processing certain packets, PJSIP may incorrectly
switch from using SRTP media transport to using basic RTP
upon SRTP restart, causing the media to be sent insecurely.


Impact
The vulnerability impacts all PJSIP users that use SRTP.


Patches
The patch is available as commit d2acb9a in the master branch.


For more information
If you have any questions or comments about this advisory:
Email us at security@pjsip.org


Severity
Critical

CVE ID
CVE-2022-39269

Weaknesses
No CWEs

Credits
@andreas-wehrmann

_____________________________________________________________________


Potential buffer overflow in pjlib scanner and pjmedia
Moderate: sauwming published GHSA-fq45-m3f7-3mhj

Package
No package listed

Affected versions
2.12.1 or lower

Patched versions
2.13 or later


Description

Impact
The vulnerability affects applications that use the PJSIP parser,
the PJMEDIA RTP decoder, and the PJMEDIA SDP parser.


Patches
The patch is available as commit c4d3498 in the master branch.

For more information
If you have any questions or comments about this advisory:
Email us at security@pjsip.org

Severity
Moderate

CVE ID
CVE-2022-39244

Weaknesses
CWE-119

Credits
@alichtman
@eoff

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================


