CVE-2022-24763
📋 TL;DR
CVE-2022-24763 is a denial-of-service vulnerability in PJSIP's XML parsing functionality that can cause applications to crash or become unresponsive. This affects any application using PJSIP library versions 2.12 and earlier that processes XML data. The vulnerability allows attackers to disrupt communication services by sending specially crafted XML payloads.
💻 Affected Systems
- PJSIP (pjproject)
- Applications using PJSIP library
📦 What is this software?
Pjsip by Pjsip
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption causing communication systems to crash and become unavailable, potentially affecting critical voice/video communication infrastructure.
Likely Case
Service instability and intermittent outages affecting SIP-based communication applications, leading to dropped calls and failed connections.
If Mitigated
Minimal impact with proper network segmentation and input validation, though the core vulnerability remains until patched.
🎯 Exploit Status
The advisory indicates no known workarounds, suggesting exploitation is straightforward once the vulnerability details are understood.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 2.12.1 and later
Vendor Advisory: https://github.com/pjsip/pjproject/security/advisories/GHSA-5x45-qp78-g4p4
Restart Required: Yes
Instructions:
1. Update PJSIP to version 2.12.1 or later.
2. Recompile applications using the updated library.
3. Restart all services using PJSIP.
4. Verify the fix by checking the version and testing XML parsing functionality.
🔧 Temporary Workarounds
No official workarounds available
The vendor advisory states there are no known workarounds for this vulnerability.
🧯 If You Can't Patch
- Implement network segmentation to isolate PJSIP services from untrusted networks
- Deploy web application firewalls (WAF) with XML parsing protection rules
🔍 How to Verify
Check if Vulnerable:
Check the PJSIP version with pkg-config --modversion libpjproject, or check the library version the application is linked against. If the version is 2.12 or earlier and XML parsing is used, the system is vulnerable.
Check Version:
pkg-config --modversion libpjproject || grep -i pjsip /usr/include/pjlib.h || ldd /path/to/application | grep pj
Verify Fix Applied:
Verify PJSIP version is 2.12.1 or later and test XML parsing functionality with various inputs to ensure stability.
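An added example, not from the vendor advisory or the PJSIP project: a POSIX shell helper that classifies a reported PJSIP version against the 2.12.1 fix boundary given above, comparing numerically so that 2.9 sorts before 2.12. The function names `ver_to_int` and `pjsip_status` and the sample version strings are constructed for illustration; a distribution package that backports the fix under an older upstream number will still read as vulnerable here.

```shell
#!/bin/sh
# Added example (hypothetical helper names); thresholds taken from this page:
# 2.12 and earlier are affected, 2.12.1 and later carry the fix.

# ver_to_int VERSION
# Prints MAJOR.MINOR[.REV] as one comparable integer (2.12.1 -> 2012001).
# Anything after the leading dotted number (packaging suffixes) is ignored.
# Returns 1 when the string does not start with a version number.
ver_to_int() {
    v=$(printf '%s\n' "$1" | sed -nE 's/^([0-9]+(\.[0-9]+){0,2}).*/\1/p')
    [ -n "$v" ] || return 1
    # Missing components count as 0, so "2.12" becomes 2.12.0.
    printf '%s\n' "$v" | awk -F. '{ printf "%d%03d%03d\n", $1, $2, $3 }'
}

# pjsip_status VERSION
# Prints "vulnerable", "patched" or "unknown" for CVE-2022-24763.
pjsip_status() {
    n=$(ver_to_int "$1") || { echo unknown; return 0; }
    if [ "$n" -lt 2012001 ]; then
        echo vulnerable
    else
        echo patched
    fi
}

# Constructed sample inputs. On a real host, pass the version string
# reported by the version check described above instead.
for v in 2.9 2.10 2.12 2.12.1 2.14.1 unknown-build; do
    printf '%-14s %s\n' "$v" "$(pjsip_status "$v")"
done
```

A plain string comparison would rank 2.9 above 2.12 and report an affected build as fixed, which is the case the integer conversion guards against.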
📡 Detection & Monitoring
Log Indicators:
- Application crashes or abnormal termination of PJSIP processes
- Error messages related to XML parsing failures
- Increased memory usage followed by service failure
Network Indicators:
- Unusual XML payloads sent to SIP ports (typically 5060/5061)
- Multiple connection attempts with malformed SIP messages containing XML
SIEM Query:
source="*pjsip*" AND (event_type="crash" OR error_message="*xml*" OR error_message="*parse*")
🔗 References
- https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21
- https://github.com/pjsip/pjproject/security/advisories/GHSA-5x45-qp78-g4p4
- https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html
- https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
- https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
- https://security.gentoo.org/glsa/202210-37
- https://www.debian.org/security/2022/dsa-5285
- https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html