=====================================================================
                            CERT-Renater

                 Information Note No. 2022/VULN481
_____________________________________________________________________

DATE                 : 21/12/2022

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Pjsip versions prior to 2.13.1.

=====================================================================
https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
_____________________________________________________________________

Heap buffer overflow when decoding STUN message

Critical
sauwming published GHSA-9pfh-r8x4-w26w

Package           : No package listed
Affected versions : 2.13 or lower
Patched versions  : 2.13.1

Description

Impact

Possible buffer overread when parsing a specially crafted STUN message
with an unknown attribute. The vulnerability affects applications that
use STUN, including PJNATH and PJSUA-LIB.

Patches

The patch is available as commit d8440f4 in the master branch.

For more information

If you have any questions or comments about this advisory:
Email us at security@pjsip.org

Reporter   : google/oss-fuzz
Severity   : Critical
CVE ID     : CVE-2022-23537
Weaknesses : No CWEs

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================
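
Added example (not part of the advisory and not PJSIP code): the advisory does not describe the faulty code path, so this sketch only shows the general defence against this bug class, a STUN attribute walk in which every declared length is checked against the received bytes before any value is read. It assumes the RFC 5389 layout (20-byte header, 4-byte attribute header, values padded to 4 bytes); the function name, the type value 0x7F01 standing in for an unknown attribute, and both sample messages are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STUN_HDR_LEN  20u  /* type(2) length(2) magic cookie(4) transaction id(12) */
#define STUN_ATTR_HDR 4u   /* type(2) length(2); value is padded to 4 bytes */

static size_t rd16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Walk the attributes of one STUN message in buf[0..len).
 * Returns the attribute count, or -1 if a declared length would take
 * the parser outside the received bytes. */
int stun_count_attrs(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < STUN_HDR_LEN) return -1;
    size_t body = rd16(buf + 2);
    if (body % 4 != 0 || body > len - STUN_HDR_LEN) return -1;
    size_t off = STUN_HDR_LEN, end = STUN_HDR_LEN + body;
    int count = 0;
    while (off < end) {
        if (end - off < STUN_ATTR_HDR) return -1;   /* defence in depth */
        size_t alen = rd16(buf + off + 2);
        size_t padded = (alen + 3u) & ~(size_t)3u;
        off += STUN_ATTR_HDR;
        if (padded > end - off) return -1;          /* value runs past the message */
        /* Known or unknown type alike: only buf[off..off+alen) may be read. */
        off += padded;
        count++;
    }
    return count;
}

/* Constructed samples: a Binding request carrying one attribute of type
 * 0x7F01, first well-formed, then with a length larger than the message. */
static const uint8_t sample_ok[28] = {
    0x00,0x01, 0x00,0x08, 0x21,0x12,0xA4,0x42,
    1,2,3,4,5,6,7,8,9,10,11,12,
    0x7F,0x01, 0x00,0x03, 0xAA,0xBB,0xCC,0x00 };
static const uint8_t sample_bad[28] = {
    0x00,0x01, 0x00,0x08, 0x21,0x12,0xA4,0x42,
    1,2,3,4,5,6,7,8,9,10,11,12,
    0x7F,0x01, 0x00,0x40, 0xAA,0xBB,0xCC,0x00 };

int main(void)
{
    printf("ok=%d bad=%d\n", stun_count_attrs(sample_ok, sizeof sample_ok),
           stun_count_attrs(sample_bad, sizeof sample_bad));
    return 0;
}
```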