Published: 06/04/2022 Updated: 30/08/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to CVE-2023-27585. The difference is that this issue is in parsing the query record `parse_rr()`, while the issue in CVE-2023-27585 is in `parse_query()`. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pjsip pjsip
debian debian linux 9.0
debian debian linux 10.0
debian debian linux 11.0

Debian Bug report logs - #1036697 asterisk: CVE-2023-27585 Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Wed, 24 May 2023 12:54:06 UTC Severity: grave Tags: security, upstream Reply or ...

Debian Bug report logs - #1014998 ring: CVE-2021-32686 CVE-2021-37706 CVE-2022-21723 CVE-2022-23608 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2022-21722 CVE-2022-24754 CVE-2022-24763 CVE-2022-24764 CVE-2022-24793 Package: src:ring; Maintainer for src:ring is Debian VoIP Te ...

Debian Bug report logs - #1014976 asterisk: CVE-2022-24764 CVE-2022-24763 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 15 Jul 2022 15:27:01 ...

A flaw was found in Asterisk, an Open Source Private Branch Exchange A buffer overflow vulnerability affects users that use PJSIP DNS resolver This vulnerability is related to CVE-2022-24793 The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()` A workaround is to d ...

Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code Special care should be taken when upgrading to this new upstream release Some configuration files and options have cha ...

CWE-120 https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4 https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html https://security.gentoo.org/glsa/202210-37 https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html https://www.debian.org/security/2022/dsa-5285 https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036697 https://www.debian.org/security/2023/dsa-5438

CVE-2022-24793

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect