{"id":"CVE-2022-23608","summary":"Use after free in PJSIP","details":"PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed. The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys), leading to undefined behavior such as dialog list collision, which eventually leads to an endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.","aliases":["GHSA-ffff-m5fm-qm62"],"modified":"2026-04-11T22:13:41.422646Z","published":"2022-02-22T00:00:00Z","database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-416"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23608.json"},"references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23608.json"},{"type":"ADVISORY","url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23608"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-37"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5285"},{"type":"FIX","url":"https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f"},{"type":"ARTICLE","url":"http://seclists.org/fulldisclosure/2022/Mar/1"},{"type":"ARTICLE","url":"https://lists.debian.org/debi
an-lts-announce/2022/03/msg00035.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/asterisk/asterisk","events":[{"introduced":"0"},{"fixed":"d436f568583184a13aa46349af5a3f0907087b44"},{"introduced":"a65908f83e2f17a3aca7eb39c8e06045aca02674"},{"fixed":"c28961a7d88cf065f693d1ea412c3e2b35e6d18e"},{"introduced":"2c1bba3cbec008c8ce35c78a2c79f9f207ea58bc"},{"fixed":"4cf4f5f7076125bc649727540de5922c21e0558f"},{"introduced":"de4f63b4824c91a0cd9f3d95f3b7923bec71960c"},{"fixed":"7eb4edc725d6fa6877d88129d7bf99c0a1604de9"},{"introduced":"0"},{"last_affected":"847f753c4eda5891c4fe77dd7d0341381cb84975"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"16.8.0"},{"introduced":"16.0.0"},{"fixed":"16.24.1"},{"introduced":"18.0.0"},{"fixed":"18.10.1"},{"introduced":"19.0.0"},{"fixed":"19.2.1"},{"introduced":"0"},{"last_affected":"10.0"}]}}],"versions":["10.0.0","10.0.0-rc1","10.0.0-rc2","10.0.0-rc3","16.24.0","16.24.0-rc1","16.8.0-rc1","16.8.0-rc2","18.10.0","18.10.0-rc1","19.2.0","19.2.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23608.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/pjsip/pjproject","events":[{"introduced":"0"},{"fixed":"db3235953baa56d2fb0e276ca510fefca751643f"}]}],"versions":["2.10","2.11"],"database_specific":{"vanir_signatures_modified":"2026-04-11T22:13:41Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23608.json","vanir_signatures":[{"id":"CVE-2022-23608-355230e4","deprecated":false,"source":"https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f","signature_version":"v1","signature_type":"Function","target":{"fu
nction":"pjsip_ua_register_dlg","file":"pjsip/src/pjsip/sip_ua_layer.c"},"digest":{"function_hash":"70864365647463181531377157832882948337","length":1293}},{"id":"CVE-2022-23608-72a4e833","deprecated":false,"source":"https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f","signature_version":"v1","signature_type":"Line","target":{"file":"pjsip/src/pjsip/sip_ua_layer.c"},"digest":{"threshold":0.9,"line_hashes":["35044963737909182750976988013543151585","274144572850971968984223178129741964378","327866941129416586371485987256680653042","278964308653987790508818723557346007876","118617777954467364660685834425431110951","39842029878659853167124900145533447634","233583658050670777957317585774738673718","152376793907742555565342316863043999706","81034486586616770828769400067039068473","331762626478723345717002742214489832028","329744869666591730109847079269929734320","100483151796278282844702008557340325697","262966323463297120054712802588079457600","188241175192256331206783565689951138161","106471595696240651924335432149740784991","233583658050670777957317585774738673718","165310500601666153320010031136945376552","152376793907742555565342316863043999706","81034486586616770828769400067039068473","79050953633119509235323932178218138010","265623418085474705873340500298327138396","234472024739533618775547351440906541130","37774906820175420339822954680670494402","268477980689351220442711958497006533322","322982064135337224451875461834467683015","258195686411967309294252780938776064437","266785147904183242574817808076079443858","183780306884699047150813257099414824076","224370694348844285127264539487701550048"]}},{"id":"CVE-2022-23608-c5a425ce","deprecated":false,"source":"https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f","signature_version":"v1","signature_type":"Function","target":{"function":"pjsip_ua_unregister_dlg","file":"pjsip/src/pjsip/sip_ua_layer.c"},"digest":{"function_hash":"211805886419818402529225624580
225128528","length":796}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}