{"id":"CVE-2022-24763","summary":"Infinite Loop in PJSIP","details":"PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds.","aliases":["GHSA-5x45-qp78-g4p4"],"modified":"2026-04-11T22:13:45.185660Z","published":"2022-03-30T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24763.json","cwe_ids":["CWE-835"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24763.json"},{"type":"ADVISORY","url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-5x45-qp78-g4p4"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24763"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-37"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5285"},{"type":"FIX","url":"https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pjsip/pjproject","events":[{"introduced":"d532ae37883f60ae987fedc8e0969bcc37d299a1"},{"fixed":"856f87c2e97a27b256482dbe0d748b1194355a21"}]}],"database_specific":{"vanir_signatures":[{"target":{"function":"xml_parse_node","file":"pjlib-util/src/pjlib-util/xml.c"},"id":"CVE-2022-24763-010f5c90","signature_type":"Function","digest":{"length":2419,"function_hash":"23112874292123438721122673683301241166"},"deprecated":false,"signature_version":"v1","source":"https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21"},{"target":{"file":"pjlib-util/src/pjlib-util/xml.c"},"id":"CVE-2022-24763-1d35935b","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["298137472848914754553705263002548042059","256854082399797273380735969700505730638","151671903702646675619882133541944850855","166700460298304986497664136193760399315"]},"deprecated":false,"signature_version":"v1","source":"https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24763.json","vanir_signatures_modified":"2026-04-11T22:13:45Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}