CVE-2022-23608: CWE-416: Use After Free in pjsip pjproject

Severity: Medium
Tags: Vulnerability, CVE-2022-23608, cve, cve-2022-23608, cwe-416-use-after-free
Published: Tue Feb 22 2022 (02/22/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: pjsip
Product: pjproject

Description

PJSIP is a free and open source multimedia communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1, in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed. The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys), leading to undefined behavior such as dialog list collision, which eventually leads to an endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f, which will be included in the next release. There are no known workarounds for this issue.

AI-Powered Analysis

AI analysis last updated: 06/23/2025, 16:47:15 UTC

Technical Analysis

CVE-2022-23608 is a use-after-free vulnerability (CWE-416) identified in the pjsip pjproject multimedia communication library, which is widely used for implementing standard protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. The vulnerability affects pjproject versions up to and including 2.11.1. It arises in scenarios involving dialog sets or forking, where multiple User Agent Client (UAC) dialogs share a hash key. When one of these dialogs is destroyed, the shared hash key may be prematurely freed. This premature freeing leads to inconsistent state in the hash table, causing the dialog set to be registered multiple times with different hash keys. The resulting undefined behavior can cause dialog list collisions and may lead to an endless loop during dialog processing. This can severely disrupt the normal operation of SIP-based communication sessions. The vulnerability is rooted in improper memory management, specifically the use of freed memory, which can cause application instability or crashes. Although no known exploits are currently reported in the wild, the vulnerability poses a risk of denial-of-service (DoS) conditions due to endless loops or application crashes. A patch addressing this issue has been committed (commit db3235953baa56d2fb0e276ca510fefca751643f) and is slated for inclusion in the next pjproject release. No workarounds are currently available, making timely patching critical for affected deployments.
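The lifetime problem described above, shown as an added example that is not pjproject code and does not reproduce the referenced commit: a simplified model in which a dialog set either borrows its hash key from the first dialog's storage or keeps its own copy. All type and function names are hypothetical, the key strings are constructed, and the set-owned copy is one common remedy assumed here for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, NOT pjproject code; all names are hypothetical.
 * A dialog owns its key storage (standing in for a per-dialog pool);
 * a dlg_set is the hash-table entry shared by the forked dialogs. */
typedef struct dialog { char *mem; int destroyed; } dialog;
typedef struct dlg_set {
    const char   *ht_key;      /* key the set is registered under   */
    const dialog *key_owner;   /* dialog whose storage ht_key uses  */
    char          own_key[64]; /* set-owned copy (hardened variant) */
} dlg_set;

static dialog *dialog_create(const char *key) {
    dialog *d = calloc(1, sizeof *d);
    d->mem = malloc(strlen(key) + 1);
    strcpy(d->mem, key);
    return d;
}
static void dialog_destroy(dialog *d) { free(d->mem); d->mem = NULL; d->destroyed = 1; }

/* Flawed: the set borrows the first dialog's key storage. */
static void set_register_borrowed(dlg_set *s, const dialog *first) {
    s->ht_key = first->mem; s->key_owner = first;
}
/* Hardened: the set copies the key into storage it owns. */
static void set_register_copied(dlg_set *s, const dialog *first) {
    snprintf(s->own_key, sizeof s->own_key, "%s", first->mem);
    s->ht_key = s->own_key; s->key_owner = NULL;
}
/* 1 if the set's key points into storage that was already released. */
static int set_key_dangles(const dlg_set *s) {
    return s->key_owner != NULL && s->key_owner->destroyed;
}
/* Fork scenario: two dialogs share one set and the first is destroyed
 * while the second is still active. Returns 1 if the key now dangles. */
int fork_then_destroy_first(int hardened) {
    dialog *a = dialog_create("call-1;tag-a");   /* constructed keys */
    dialog *b = dialog_create("call-1;tag-b");
    dlg_set set = {0};
    if (hardened) set_register_copied(&set, a); else set_register_borrowed(&set, a);
    dialog_destroy(a);                 /* b is still active in the set */
    int dangles = set_key_dangles(&set);
    dialog_destroy(b); free(a); free(b);
    return dangles;
}
int main(void) {
    printf("borrowed: %d, copied: %d\n", fork_then_destroy_first(0), fork_then_destroy_first(1));
    return 0;
}
```

The model never dereferences the stale pointer; it only tracks whether the storage behind the registered key outlives the dialog that was destroyed.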

Potential Impact

For European organizations, especially those relying on VoIP and multimedia communication systems built on pjproject, this vulnerability can lead to service disruptions. The endless loop or crash conditions can cause denial-of-service, impacting the availability of critical communication infrastructure such as call centers, emergency services, and enterprise telephony systems. This can degrade business operations, customer service, and potentially emergency response capabilities. Furthermore, instability in SIP dialogs may lead to dropped calls or failed session establishments, affecting user experience and operational reliability. While there is no direct evidence of exploitation leading to confidentiality or integrity breaches, the disruption of communication services can have cascading effects on organizational workflows and incident response. Given the widespread use of pjsip in telecommunication equipment and software, the impact could be significant in sectors such as telecommunications, finance, healthcare, and government services across Europe.

Mitigation Recommendations

1. Immediate application of the official patch once released by the pjproject maintainers is the primary mitigation step. Monitor pjproject repositories and vendor advisories for the updated version containing the fix.
2. Conduct an inventory of all systems and applications using pjproject versions up to 2.11.1 to identify affected assets.
3. Where patching is not immediately feasible, consider isolating affected systems from critical network segments to limit potential impact.
4. Implement enhanced monitoring of SIP traffic and application logs to detect abnormal dialog behaviors, such as repeated registrations or looping conditions, which may indicate exploitation attempts or instability.
5. Engage with vendors of telephony and communication products that embed pjproject to ensure they provide timely updates or mitigations.
6. Perform regular backups and ensure incident response plans include scenarios for communication service disruptions.
7. Consider deploying network-level protections such as SIP-aware firewalls or session border controllers that can detect and mitigate anomalous SIP dialog behaviors.

These measures can help contain the impact until patches are applied.

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2022-01-19T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9842c4522896dcbf2537

Added to database: 5/21/2025, 9:09:22 AM

Last enriched: 6/23/2025, 4:47:15 PM

Last updated: 7/30/2025, 11:31:24 PM
