VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-yzr5-f8ep-zqe2

Essentials
Severities (21)
References (33)
Severity details (20)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-yzr5-f8ep-zqe2
Aliases	CVE-2022-23608
Summary
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-416

Use After Free

System	Score	Found at
cvssv3.1	8.1	http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html
ssvc	Track	http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html
epss	0.00784	https://api.first.org/data/v1/epss?cve=CVE-2022-23608
cvssv3.1	8.1	http://seclists.org/fulldisclosure/2022/Mar/1
ssvc	Track	http://seclists.org/fulldisclosure/2022/Mar/1
cvssv3.1	8.1	https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f
ssvc	Track	https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f
cvssv3.1	8.1	https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62
ssvc	Track	https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62
cvssv3.1	8.1	https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
cvssv3.1	8.1	https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html
cvssv3.1	8.1	https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
cvssv3.1	8.1	https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
cvssv3.1	8.1	https://security.gentoo.org/glsa/202210-37
ssvc	Track	https://security.gentoo.org/glsa/202210-37
cvssv3.1	8.1	https://www.debian.org/security/2022/dsa-5285
ssvc	Track	https://www.debian.org/security/2022/dsa-5285

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-23608
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
1		http://seclists.org/fulldisclosure/2022/Mar/1
1014998		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
Asterisk-Project-Security-Advisory-AST-2022-005.html		http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html
db3235953baa56d2fb0e276ca510fefca751643f		https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f
dsa-5285		https://www.debian.org/security/2022/dsa-5285
GHSA-ffff-m5fm-qm62		https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62
GLSA-202210-37		https://security.gentoo.org/glsa/202210-37
msg00021.html		https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
msg00035.html		https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
msg00038.html		https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
msg00040.html		https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html
USN-6422-1		https://usn.ubuntu.com/6422-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/ Found at http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2022/Mar/1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/ Found at http://seclists.org/fulldisclosure/2022/Mar/1

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/ Found at https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/ Found at https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/ Found at https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/ Found at https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/ Found at https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202210-37

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/ Found at https://security.gentoo.org/glsa/202210-37

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2022/dsa-5285

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/ Found at https://www.debian.org/security/2022/dsa-5285

Exploit Prediction Scoring System (EPSS)

Percentile	0.74063
EPSS Score	0.00784
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T09:34:58.962273+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.16/main.json	38.6.0