VulnerableCode Package Details - pkg:deb/debian/asterisk@1:20.2.1~dfsg%2B~cs6.13.40431413-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-78pt-2a1h-aaaj Aliases: CVE-2022-39269	PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability.	There are no reported fixed by versions.
VCID-p59b-1vra-aaac Aliases: CVE-2022-23537	PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).	There are no reported fixed by versions.
VCID-skdg-97kv-aaap Aliases: CVE-2022-23547	PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-78pt-2a1h-aaaj
Aliases:
CVE-2022-39269

PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability.

There are no reported fixed by versions.

VCID-p59b-1vra-aaac
Aliases:
CVE-2022-23537

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).

There are no reported fixed by versions.

VCID-skdg-97kv-aaap
Aliases:
CVE-2022-23547

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

purl	pkg:deb/debian/asterisk@1:20.2.1~dfsg%2B~cs6.13.40431413-1
Tags	Ghost

Next non-vulnerable version	1:22.4.1~dfsg+~cs6.15.60671435-2
Latest non-vulnerable version	1:22.4.1~dfsg+~cs6.15.60671435-2
Risk	4.4