Search for vulnerabilities
Vulnerability details: VCID-er1d-hxbc-aaab
Vulnerability ID VCID-er1d-hxbc-aaab
Aliases CVE-2022-24764
Summary PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-121 Stack-based Buffer Overflow
System Score Found at
epss 0.00252 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00252 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00252 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00252 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00252 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00252 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00252 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00252 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00252 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00293 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00368 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00368 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00368 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00368 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00368 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00368 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00368 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00368 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00526 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24764
cvssv3.1 7.5 https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
ssvc Track https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
cvssv3.1 7.5 https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
ssvc Track https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
ssvc Track https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
ssvc Track https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2022-24764
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24764
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24764
cvssv3.1 7.5 https://security.gentoo.org/glsa/202210-37
ssvc Track https://security.gentoo.org/glsa/202210-37
cvssv3.1 7.5 https://www.debian.org/security/2022/dsa-5285
ssvc Track https://www.debian.org/security/2022/dsa-5285
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-24764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
https://security.gentoo.org/glsa/202210-37
https://www.debian.org/security/2022/dsa-5285
1014976 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976
cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2022-24764 https://nvd.nist.gov/vuln/detail/CVE-2022-24764
USN-6422-1 https://usn.ubuntu.com/6422-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/ Found at https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/ Found at https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/ Found at https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/ Found at https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24764
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24764
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24764
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202210-37
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/ Found at https://security.gentoo.org/glsa/202210-37
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2022/dsa-5285
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/ Found at https://www.debian.org/security/2022/dsa-5285
Exploit Prediction Scoring System (EPSS)
Percentile 0.45743
EPSS Score 0.00252
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.