PT-2023-21227 · Pjsip+4

0X34D · Published 2023-03-14 · Updated 2025-11-04 · CVE-2023-27585

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

PJSIP versions 2.13 and prior

Description

A buffer overflow issue affects applications using the PJSIP DNS resolver, specifically in the parse_query() function. This issue does not impact PJSIP users who do not use the PJSIP DNS resolver.

Recommendations

For PJSIP versions 2.13 and prior, apply the patch available as commit d1c5e4d in the master branch. As a temporary workaround, consider disabling DNS resolution in PJSIP config by setting nameserver_count to zero. Alternatively, use an external resolver implementation instead of the PJSIP DNS resolver to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2024-15954
ALT-PU-2024-16030
CVE-2023-27585
DLA-3394-1
DLA-3549-1
DLA-3887-1
DSA-5438-1
DSA-5956-1
GHSA-P6G5-V97C-W5Q4
GHSA-Q9CP-8WCQ-7PFR
USN-6422-1
USN-6422-2

Affected Products

Alt Linux
Debian
Linuxmint
Pjsip
Ubuntu