Search for vulnerabilities
Vulnerability details: VCID-xxe3-nq4c-bkec
Vulnerability ID VCID-xxe3-nq4c-bkec
Aliases CVE-2022-39269
Summary PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability.
Status Published
Exploitability 0.5
Weighted Severity 8.2
Risk 4.1
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2022-39269
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2022-39269
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2022-39269
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-39269
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-39269
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-39269
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-39269
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-39269
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-39269
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-39269
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-39269
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-39269
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-39269
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-39269
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-39269
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-39269
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-39269
cvssv3.1 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-39269
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-39269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc
https://github.com/pjsip/pjproject/security/advisories/GHSA-wx5m-cj97-4wwg
1032092 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*:*
CVE-2022-39269 https://nvd.nist.gov/vuln/detail/CVE-2022-39269
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-39269
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.20541
EPSS Score 0.00065
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:40:16.628713+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/edge/main.json 37.0.0