From 41c9ce34b2e0f174d3142b50abcfb640ea55d20f Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 6 Apr 2022 13:49:15 +0000 Subject: [PATCH] Add CVE-2022-24786 for GHSA-vhxv-phmx-g52q Add CVE-2022-24786 for GHSA-vhxv-phmx-g52q --- 2022/24xxx/CVE-2022-24786.json | 90 +++++++++++++++++++++++++++++++--- 1 file changed, 84 insertions(+), 6 deletions(-) diff --git a/2022/24xxx/CVE-2022-24786.json b/2022/24xxx/CVE-2022-24786.json index 219e1042a04..ab59de32338 100644 --- a/2022/24xxx/CVE-2022-24786.json +++ b/2022/24xxx/CVE-2022-24786.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24786", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Potential out-of-bound read/write in PJSIP" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "pjproject", + "version": { + "version_data": [ + { + "version_value": "<= 2.12" + } + ] + } + } + ] + }, + "vendor_name": "pjsip" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q", + "refsource": "CONFIRM", + "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q" + }, + { + "name": "https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508", + "refsource": "MISC", + "url": "https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508" + } + ] + }, + "source": { + "advisory": "GHSA-vhxv-phmx-g52q", + "discovery": "UNKNOWN" } } \ No newline at end of file