What is CVE-2022-31031?

CVE-2022-31031 is a critical-severity vulnerability in Pjsip Pjproject, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 9.8/10. Published 2022-06-07.

How severe is CVE-2022-31031?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Buffer overflow in Pjsip Pjproject

CVE-2022-31031

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vuln…

Vulnerability class: Buffer Overflow

EPSS: 0.007 (72.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Pjsip Pjproject — versions <= 2.12.1

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

References

github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202
GLSA-202210-37 (vendor-advisory)
[debian-lts-announce] 20230222 [SECURITY] [DLA 3335-1] asterisk security update (mailing-list)
DSA-5358 (vendor-advisory)
[debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update (mailing-list)

Frequently asked questions

What is CVE-2022-31031?: CVE-2022-31031 is a critical-severity vulnerability in Pjsip Pjproject, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 9.8/10. Published 2022-06-07.
How severe is CVE-2022-31031?: Critical severity. CVSS v3 base score is 9.8 out of 10.