PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIPs XML parsing in their apps. Users are advised to update. There are no known workarounds.
Weakness
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pjsip | Pjsip | 2.5 (including) | 2.13 (excluding) |
| Pjproject | Ubuntu | bionic | * |
| Pjproject | Ubuntu | trusty | * |
| Pjproject | Ubuntu | xenial | * |
| Ring | Ubuntu | bionic | * |
| Ring | Ubuntu | esm-apps/bionic | * |
| Ring | Ubuntu | esm-apps/focal | * |
| Ring | Ubuntu | focal | * |
| Ring | Ubuntu | impish | * |
| Ring | Ubuntu | trusty | * |
| Ring | Ubuntu | xenial | * |
References
- https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21
- https://github.com/pjsip/pjproject/security/advisories/GHSA-5x45-qp78-g4p4
- https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html
- https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
- https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
- https://security.gentoo.org/glsa/202210-37
- https://www.debian.org/security/2022/dsa-5285
- https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21
- https://github.com/pjsip/pjproject/security/advisories/GHSA-5x45-qp78-g4p4
- https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html
- https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
- https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
- https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html
- https://security.gentoo.org/glsa/202210-37
- https://www.debian.org/security/2022/dsa-5285