How severe is CVE-2022-31031?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2022-31031?

This is classified as CWE-120, which is a common weakness in software security.

CVE-2022-31031 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2006-3100

CRITICAL

CVSS:9.8(Critical)

termpkg 3.3 suffers from buffer overflow.

CWE-1202006

CVE-2006-6024

CRITICAL

CVSS:9.8(Critical)

Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eudo...

CWE-1202006

CVE-2009-0948

CRITICAL

CVSS:9.8(Critical)

Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02.

CWE-1202009

CVE-2009-5041

CRITICAL

CVSS:9.8(Critical)

overkill has buffer overflow via long player names that can corrupt data on the server machine

CWE-1202009

CVE-2010-1205

CRITICAL

CVSS:9.8(Critical)

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers ...

CWE-1202010

CVE-2010-5333

CRITICAL

CVSS:9.8(Critical)

The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execu...

CWE-1202010