CVE-2022-24763: 
NixOS vulnerability analysis and mitigation

PJSIP, a free and open source multimedia communication library written in C language, was found to contain a denial-of-service vulnerability (CVE-2022-24763) affecting versions 2.12 and prior. The vulnerability specifically impacts PJSIP users that consume PJSIP's XML parsing functionality in their applications (GitHub Advisory, NVD).

The vulnerability is classified as a Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability (CWE-835). It received a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

The vulnerability can result in a denial-of-service condition when processing XML content, affecting applications that utilize PJSIP's XML parsing capabilities. The impact is primarily on service availability, with no direct effect on confidentiality or integrity (GitHub Advisory).

Users are advised to upgrade to PJSIP version 2.12.1 or later, which contains the fix for this vulnerability. The patch is available in commit 856f87c in the master branch. There are no known workarounds for this vulnerability (GitHub Advisory, Gentoo Advisory).