Exploit Report

Computer Security And Bug Information

CVE-2023-27585

CVE: CVE-2023-27585
CVE Title
Published Date: 2023-03-14T17:15Z
Modified Date: 2023-03-20T17:15Z
CWE Type: CWE-120
Description: PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.
References
Reference URL: https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5
Reference Description: MISC https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5
Reference URL: https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm
Reference Description: MISC https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm
Reference URL: https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr
Reference Description: MISC https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr
Reference URL: https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
Reference Description: MISC https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
Sources: NIST, MITRE
Note
  • No CVSS data for this CVE
