Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2023-38703
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-06 Oct, 2023 | 14:15
Updated At-10 Apr, 2025 | 20:31

PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
teluu
teluu
>>pjsip>>Versions up to 2.13.1(inclusive)
cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Secondarysecurity-advisories@github.com
CWE-416Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0dsecurity-advisories@github.com
Patch
https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66security-advisories@github.com
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/12/msg00019.htmlsecurity-advisories@github.com
Mailing List
https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0daf854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/12/msg00019.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Change History
0Changes found
Details not found