Wiz
Vulnerability DatabaseCVE-2022-39269

CVE-2022-39269
NixOS vulnerability analysis and mitigation

Overview

PJSIP, a free and open source multimedia communication library written in C language, was found to contain a critical security vulnerability (CVE-2022-39269) discovered and disclosed on October 6, 2022. The vulnerability affects PJSIP versions from 2.11 up to 2.12.1, with the fix being available in version 2.13 and later (GitHub Advisory).

Technical details

When processing certain packets, PJSIP may incorrectly switch from using SRTP (Secure Real-time Transport Protocol) media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability has been classified as Critical severity, affecting the security of media communications (GitHub Advisory).

Impact

The vulnerability impacts all PJSIP users that use SRTP for secure media transport. When exploited, it can result in a downgrade of the media transport from the secure version (SRTP) to the non-secure one (RTP), potentially exposing the media content to unauthorized access (GitHub Advisory).

Mitigation and workarounds

A patch has been released to address this vulnerability and is available as commit d2acb9a in the master branch. Users are advised to upgrade to PJSIP version 2.13 or later to mitigate this security issue. Various distributions have also released security updates, including Debian and Gentoo, to address this vulnerability (GitHub Advisory, Gentoo Security).

Additional resources

SourceThis report was generated using AI

Related NixOS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2026-22783HIGH8.1
  • NixOSNixOS
  • iris
NoYesJan 12, 2026
CVE-2026-0821MEDIUM6.9
  • NixOSNixOS
  • quickjs
NoNoJan 10, 2026
CVE-2025-68949MEDIUM5.3
  • NixOSNixOS
  • n8n
NoYesJan 13, 2026
CVE-2026-22784LOW2.3
  • NixOSNixOS
  • lychee
NoYesJan 12, 2026
CVE-2026-23497LOW1.3
  • NixOSNixOS
  • learning
NoYesJan 14, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo