Buffer Overflow Vulnerability in PJSIP DNS Resolver by PJSIP
CVE-2023-27585
7.5 HIGH
What is CVE-2023-27585?
A buffer overflow vulnerability exists in the DNS resolver of PJSIP, an open-source multimedia communication library, affecting versions 2.13 and earlier. The overflow occurs while parsing the query record in the parse_query() function. Users who do not use the PJSIP DNS resolver are not affected. A fix is available in the master branch as commit d1c5e4d. Users should either apply the patch, disable DNS resolution by setting nameserver_count to zero in the PJSIP configuration, or use an external DNS resolver.
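The following is an added example, not PJSIP's parse_query() and not the d1c5e4d patch: a generic DNS question-record parser showing the bounds checks this class of bug depends on, with every read validated against the packet length. The names parse_question, struct dns_question and SAMPLE are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result type for this example (not a PJSIP structure). */
struct dns_question { size_t name_len; uint16_t qtype, qclass; };

/* Constructed sample: question for "example.com", QTYPE=A(1), QCLASS=IN(1). */
static const uint8_t SAMPLE[] = { 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
                                  0,1, 0,1 };

/* Parse one question record at pkt[off] without ever reading at or past
 * pkt[len]. Returns the offset just after the record, or 0 if the record is
 * malformed or truncated (a valid record can never end at offset 0). */
size_t parse_question(const uint8_t *pkt, size_t len, size_t off,
                      struct dns_question *q)
{
    size_t p = off;
    for (;;) {
        if (p >= len) return 0;            /* length byte itself in bounds? */
        uint8_t l = pkt[p];
        if ((l & 0xC0) == 0xC0) {          /* compression pointer ends the name */
            if (len - p < 2) return 0;
            p += 2;
            break;
        }
        if (l & 0xC0) return 0;            /* reserved label types */
        p += 1;
        if (l == 0) break;                 /* root label ends the name */
        if (len - p < l) return 0;         /* label body must fit in the packet */
        p += l;
    }
    if (p - off > 255) return 0;           /* RFC 1035 name length limit */
    if (len - p < 4) return 0;             /* QTYPE + QCLASS need 4 more bytes */
    q->name_len = p - off;
    q->qtype  = (uint16_t)((pkt[p] << 8) | pkt[p + 1]);
    q->qclass = (uint16_t)((pkt[p + 2] << 8) | pkt[p + 3]);
    return p + 4;
}

int main(void)
{
    struct dns_question q;
    printf("full record    -> %zu\n", parse_question(SAMPLE, sizeof SAMPLE, 0, &q));
    printf("QCLASS cut off -> %zu\n", parse_question(SAMPLE, sizeof SAMPLE - 2, 0, &q));
    printf("label cut off  -> %zu\n", parse_question(SAMPLE, 5, 0, &q));
    return 0;
}
```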
Affected Version(s)
pjproject <= 2.13
