CVE-2022-39269 in PJSIP
Summary
by MITRE • 10/06/2022
PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 06/28/2026
CVE-2022-39269 represents a critical security flaw in PJSIP, a widely-used open-source multimedia communication library implemented in C programming language. This vulnerability specifically targets the Secure Real-time Transport Protocol implementation within PJSIP, creating a scenario where secure media transmission can be inadvertently compromised. The flaw occurs during the processing of certain network packets when the library incorrectly transitions from SRTP media transport back to standard RTP transport during SRTP restart operations, effectively undermining the security assurances that SRTP is designed to provide. This type of vulnerability falls under the category of improper handling of security protocols and can be classified as CWE-310 in the Common Weakness Enumeration framework, which deals with cryptographic issues related to improper implementation of security protocols.
The technical mechanism behind this vulnerability involves the library's state management during SRTP session restarts, where the system fails to maintain consistent security parameters throughout the transition process. When PJSIP encounters specific packet sequences during media stream operations, it executes an incorrect state switch that results in the degradation of encryption security from SRTP to plain RTP. This regression in security posture exposes media streams to potential interception, eavesdropping, and unauthorized access, particularly in environments where secure communications are critical. The vulnerability impacts all users of PJSIP who have implemented SRTP functionality, making it a widespread concern for organizations relying on this communication library for voice and video services. According to ATT&CK framework, this vulnerability relates to T1566.001 - Phishing: Spearphishing Attachment and T1041 - Exfiltration Over C2 Channel, as it creates opportunities for attackers to intercept sensitive communications.
The operational impact of CVE-2022-39269 extends beyond simple data exposure, as it fundamentally compromises the integrity of secure communication channels that organizations depend upon for confidential exchanges. This vulnerability can affect any application built on PJSIP that utilizes SRTP for securing media streams, including VoIP systems, video conferencing platforms, and unified communications solutions. The security degradation from SRTP to RTP means that sensitive information transmitted through these channels becomes vulnerable to man-in-the-middle attacks, packet sniffing, and content manipulation. Organizations using PJSIP for enterprise communications, telephony services, or any scenario requiring secure media transport are at risk. The vulnerability's exploitation requires only specific packet processing conditions, making it particularly concerning as it can be triggered through normal communication operations without requiring special privileges or complex attack vectors.
Mitigation strategies for this vulnerability primarily involve immediate patching or upgrading of affected systems, with the recommended solution being the application of commit d2acb9a from the master branch or upgrading to PJSIP version 2.13. Manual patching is advised for users who cannot immediately upgrade their systems, though this approach requires careful implementation to avoid introducing additional issues. Security administrators should prioritize identifying all systems utilizing PJSIP with SRTP functionality and ensure proper patch deployment across their infrastructure. Organizations should also consider implementing network monitoring to detect potential exploitation attempts and establish procedures for rapid response to security incidents. The lack of known workarounds means that organizations must actively address this vulnerability through official patches or version upgrades, as no temporary mitigations exist that would preserve the security posture while maintaining functionality. Security teams should also review their incident response procedures to ensure readiness for potential exploitation of this vulnerability in their communication environments.