CVE-2022-21723 in PJSIPinfo

Summary

by MITRE • 01/27/2022

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 04/27/2026

The vulnerability identified as CVE-2022-21723 affects PJSIP, a widely-used open-source multimedia communication library implementing standard protocols including SIP, SDP, RTP, STUN, TURN, and ICE. This issue represents a critical memory safety flaw that emerges during the parsing of incoming SIP messages containing malformed multipart content. The vulnerability specifically targets versions 2.11.1 and earlier, making all users of these affected versions susceptible to potential security risks when processing SIP multipart data. The nature of this flaw lies in the library's insufficient input validation mechanisms, which fail to properly handle malformed multipart structures during SIP message processing.

The technical exploitation of this vulnerability occurs through out-of-bounds read access patterns that arise when PJSIP attempts to parse malformed multipart content within incoming SIP messages. This type of memory access violation represents a classic buffer over-read condition where the application reads memory locations beyond the allocated buffer boundaries. The flaw stems from inadequate bounds checking during multipart parsing operations, allowing attackers to craft malicious SIP messages that trigger unexpected memory access patterns. This vulnerability falls under the CWE-125 Out-of-Bounds Read classification, which is categorized as a memory safety issue affecting software systems that do not properly validate input boundaries. The attack surface is particularly concerning as it affects all PJSIP users who process SIP multipart content, making it a widespread concern across implementations using this library.

The operational impact of CVE-2022-21723 extends beyond simple memory corruption, potentially enabling attackers to extract sensitive information from memory segments or cause application instability through controlled memory access patterns. When exploited, this vulnerability could lead to information disclosure, denial of service conditions, or potentially more severe consequences depending on the specific implementation and execution environment. The fact that no known workarounds exist makes this vulnerability particularly dangerous for organizations relying on PJSIP for their communication infrastructure. Attackers could leverage this flaw to gain unauthorized access to memory contents, potentially exposing session information, authentication credentials, or other sensitive data. The vulnerability's presence in the core parsing logic means that any application using PJSIP for SIP message processing could be compromised, affecting telephony systems, VoIP services, and multimedia communication platforms that depend on this library.

Mitigation strategies for CVE-2022-21723 require immediate action from affected organizations to upgrade to patched versions of PJSIP, specifically targeting the commit that addresses the multipart parsing issue in the master branch. System administrators should prioritize patch management activities to ensure all PJSIP implementations are updated to versions containing the fix. Organizations should also implement monitoring and logging mechanisms to detect potential exploitation attempts through malformed SIP multipart content. Network segmentation and access controls can provide additional defensive layers, though these do not address the core vulnerability. The ATT&CK framework categorizes this vulnerability under T1190 Exploit Public-Facing Application, as it represents an application-level exploit targeting a publicly accessible communication library. Security teams should conduct thorough vulnerability assessments of their SIP-based systems and consider implementing intrusion detection systems that can identify malformed multipart content patterns. Regular security updates and patch management processes should be strengthened to prevent similar issues from occurring in the future, particularly given the library's widespread use in enterprise communication environments.

Responsible

GitHub, Inc.

Reservation

11/16/2021

Disclosure

01/27/2022

Moderation

accepted

CPE

ready

EPSS

0.04478

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!