CVE-2022-24754 in PJSIPinfo

Summary

by MITRE • 03/11/2022

PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 05/04/2026

The CVE-2022-24754 vulnerability represents a critical stack buffer overflow in the PJSIP multimedia communication library, a widely-used open source component for VoIP and real-time communication systems. This vulnerability specifically affects versions prior to and including 2.12, making it a significant concern for organizations relying on older implementations of this library. The flaw manifests exclusively when PJSIP processes hashed digest credentials, which are authentication mechanisms using the data_type `PJSIP_CRED_DATA_DIGEST`. This targeted nature suggests the vulnerability operates within the specific credential handling subsystem of the library, where authentication data is processed and validated. The vulnerability stems from inadequate input validation when processing digest authentication data, creating a potential exploitation vector for attackers who can manipulate authentication credentials.

The technical implementation of this vulnerability involves a classic stack buffer overflow condition that occurs during the processing of hashed digest credentials. When the library receives authentication data with the digest type, it fails to properly validate the length of the credential data against the expected buffer size. This mismatch allows an attacker to provide credential data that exceeds the allocated buffer space, potentially overwriting adjacent memory locations on the stack. The buffer overflow can result in arbitrary code execution, denial of service conditions, or information disclosure depending on how the overflow affects program execution flow. The vulnerability's impact is directly tied to the specific credential processing pathway, making it less likely to affect systems using alternative authentication methods such as basic authentication or certificate-based authentication.

From an operational standpoint, this vulnerability presents a substantial risk to organizations utilizing PJSIP for VoIP communications, SIP servers, and real-time multimedia applications. The requirement for users to accept hashed digest credentials creates a specific attack surface that could be exploited by malicious actors attempting to compromise communication infrastructure. The vulnerability's exploitation potential increases when considering that many VoIP systems rely on digest authentication for secure communication, particularly in enterprise environments where legacy systems may not have been updated to newer versions. Organizations using older PJSIP versions without proper mitigation measures face potential system compromise, unauthorized access to communication channels, and disruption of critical communication services. The attack vector typically involves sending specially crafted authentication requests containing oversized digest credential data to trigger the buffer overflow condition.

Security practitioners should note that this vulnerability aligns with CWE-121, which describes stack-based buffer overflow conditions, and can be mapped to ATT&CK technique T1190 for exploitation of vulnerabilities in communication protocols. The recommended mitigation strategies include immediate upgrade to PJSIP version 2.13 or later where the patch has been implemented. For organizations unable to perform immediate upgrades, the workaround of validating credential data length against `PJSIP_MD5STRLEN` before processing provides a temporary safeguard. Additionally, implementing network monitoring to detect anomalous authentication requests and establishing robust input validation controls within applications using PJSIP can help reduce the risk of exploitation. Organizations should also consider implementing access controls and authentication auditing to detect potential unauthorized access attempts that might exploit this vulnerability. The patch addresses the root cause by ensuring proper bounds checking during digest credential processing, preventing the buffer overflow condition from occurring in the first place.

Responsible

GitHub, Inc.

Reservation

02/10/2022

Disclosure

03/11/2022

Moderation

accepted

CPE

ready

EPSS

0.02016

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!