CVE-2022-31031: 
NixOS vulnerability analysis and mitigation

A stack buffer overflow vulnerability (CVE-2022-31031) was discovered in PJSIP, a free and open source multimedia communication library written in C language. The vulnerability affects PJSIP users that use STUN in their applications, either by setting a STUN server in their account/media config or directly using pjlib-util/stun_simple API. This critical vulnerability was disclosed on June 7, 2022, affecting PJSIP versions 2.12.1 or lower (GitHub Advisory).

The vulnerability is classified as a stack buffer overflow (CWE-121) with a Critical severity rating. The issue occurs in the STUN message parsing functionality when processing STUN attributes. The vulnerability exists in the pjlib-util/stun_simple.c file where there was no proper boundary checking for the number of attributes that could be processed, potentially leading to a buffer overflow condition (GitHub Commit).

If exploited, this vulnerability could allow an attacker to execute arbitrary code on affected systems. The vulnerability affects applications that use STUN functionality in PJSIP, including those at both the PJSUA/PJSUA2 level and those directly using the pjlib-util/stun_simple API (GitHub Advisory).

The vulnerability has been patched in PJSIP version 2.13 and later. Users are advised to upgrade to the patched version. The fix was implemented in commit 450baca in the master branch, which adds proper boundary checking for STUN attribute processing (GitHub Advisory, Gentoo Security).