PT-2023-21227 · Pjsip+4 · Pjsip+4

0X34D

Publicado

2023-03-14

Atualizado

2025-11-04

CVE-2023-27585

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions PJSIP versions 2.13 and prior

Description A buffer overflow issue affects applications using the PJSIP DNS resolver, specifically in the parse query() function. This issue does not impact PJSIP users who do not use the PJSIP DNS resolver.

Recommendations For PJSIP versions 2.13 and prior, apply the patch available as commit d1c5e4d in the master branch. As a temporary workaround, consider disabling DNS resolution in PJSIP config by setting nameserver count to zero. Alternatively, use an external resolver implementation instead of the PJSIP DNS resolver to minimize the risk of exploitation.

Exploit

Correção

Buffer Overflow

Heap Based Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-120CWE-122

Identificadores relacionados

ALT-PU-2024-15954

ALT-PU-2024-16030

CVE-2023-27585

DLA-3394-1

DLA-3549-1

DLA-3887-1

DSA-5438-1

DSA-5956-1

GHSA-P6G5-V97C-W5Q4

GHSA-Q9CP-8WCQ-7PFR

USN-6422-1

USN-6422-2

Produtos afetados

Alt Linux

Debian

Linuxmint

Pjsip

Ubuntu

PT-2023-21227 · Pjsip+4 · Pjsip+4

CVE-2023-27585

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 48