 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2022-24793 |
| Description: | PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to CVE-2023-27585. The difference is that this issue is in parsing the query record `parse_rr()`, while the issue in CVE-2023-27585 is in `parse_query()`. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead. |
| Test IDs: | 1.3.6.1.4.1.25623.1.1.1.2.2023.3394 1.3.6.1.4.1.25623.1.0.893036 1.3.6.1.4.1.25623.1.1.1.1.2023.5438 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2022-24793 https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4 Debian Security Information: DSA-5285 (Google Search) https://www.debian.org/security/2022/dsa-5285 https://security.gentoo.org/glsa/202210-37 https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html |