Executive Summary

Informations
Name CVE-2023-38703 First vendor Publication 2023-10-06
Vendor Cve Last vendor Modification 2025-04-10

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 9.8
Base Score 9.8 Environmental Score 9.8
impact SubScore 5.9 Temporal Score 9.8
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-416 Use After Free

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Sources (Detail)

https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d...
https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66
https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2025-05-27 02:22:01
  • Multiple Updates
2025-02-13 21:21:37
  • Multiple Updates
2024-11-28 14:27:59
  • Multiple Updates
2023-12-29 05:27:45
  • Multiple Updates
2023-10-07 05:27:21
  • Multiple Updates
2023-10-06 21:27:28
  • First insertion