What is CVE-2022-39269?

CVE-2022-39269 is a critical-severity vulnerability in Pjsip Pjproject, classified under Cleartext Transmission of Sensitive Information. CVSS score: 9.1/10. Published 2022-10-06.

How severe is CVE-2022-39269?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Vulnerability in Pjsip Pjproject

CVE-2022-39269

PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent…

EPSS: 0.002 (38.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Pjsip Pjproject — versions >= 2.11, < 2.13
Teluu Pjsip

Weakness classification (CWE)

CWE-319 — Cleartext Transmission of Sensitive Information

References

security-advisories@github.com (Third Party Advisory)
security-advisories@github.com (Patch, Third Party Advisory)
GLSA-202210-37 (vendor-advisory, Third Party Advisory)
[debian-lts-announce] 20230222 [SECURITY] [DLA 3335-1] asterisk security update (mailing-list)
DSA-5358 (vendor-advisory)

Frequently asked questions

What is CVE-2022-39269?: CVE-2022-39269 is a critical-severity vulnerability in Pjsip Pjproject, classified under Cleartext Transmission of Sensitive Information. CVSS score: 9.1/10. Published 2022-10-06.
How severe is CVE-2022-39269?: Critical severity. CVSS v3 base score is 9.1 out of 10.