Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-21722
CVE-2022-21722:
NixOS vulnerability analysis and mitigation
Overview
CVE-2022-21722 affects PJSIP (PJPROJECT), a free and open source multimedia communication library, in version 2.11.1 and prior. The vulnerability was discovered and disclosed in January 2022, impacting systems that use PJMEDIA and accept incoming RTP/RTCP packets (GitHub Advisory).
Technical details
The vulnerability involves various cases where certain incoming RTP/RTCP packets can potentially cause out-of-bound read access during packet parsing. This security flaw affects the RTP/RTCP parsing functionality in the PJMEDIA component (GitHub Advisory, NVD).
Impact
The vulnerability affects all users that use PJMEDIA and accept incoming RTP/RTCP packets. If exploited, it could lead to information disclosure through out-of-bounds read access, potentially causing denial of service conditions (GitHub Advisory, Ubuntu Notice).
Mitigation and workarounds
The vulnerability has been patched in version 2.12 and later releases of PJSIP. The fix is available as commit 22af44e in the master branch. Users are recommended to upgrade to the patched version to mitigate this vulnerability (GitHub Advisory, Gentoo Security).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management