Lucene search
GitHub_MCVELIST:CVE-2023-27585HistoryMar 14, 2023 - 12:00 a.m.
CVE-2023-27585
2023-03-1400:00:00
CWE-122
CWE-120
GitHub_M
raw.githubusercontent.com
2
0.005 Low
EPSS
Percentile
76.9%
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn’t affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record parse_query(), while the issue in CVE-2022-24793 is in parse_rr(). A patch is available as commit d1c5e4d in the master branch. A workaround is to disable DNS resolution in PJSIP config (by setting nameserver_count to zero) or use an external resolver implementation instead.
Related
nessus
nessus
Debian DSA-5438-1 : asterisk - security update
2023-06-23 00:00:00
Debian DLA-3394-1 : asterisk - LTS security update
2023-04-25 00:00:00
Ubuntu 23.10 : Ring vulnerabilities (USN-6422-2)
2023-10-24 00:00:00
osv
osv
CVE-2023-27585
2023-03-14 17:15:19
CVE-2022-24793
2022-04-06 14:15:08
ring vulnerabilities
2023-10-24 08:51:49
debiancve
debiancve
CVE-2023-27585
2023-03-14 17:15:19
CVE-2022-24793
2022-04-06 14:15:08
prion
prion
Buffer overflow
2023-03-14 17:15:00
Buffer overflow
2022-04-06 14:15:00
cvelist
cvelist
alpinelinux
alpinelinux
CVE-2023-27585
2023-03-14 17:15:19
CVE-2022-24793
2022-04-06 14:15:08
ubuntucve
ubuntucve
CVE-2023-27585
2023-03-14 00:00:00
CVE-2022-24793
2022-04-06 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3394-1)
2023-04-24 00:00:00
Debian: Security Advisory (DSA-5438-1)
2023-06-26 00:00:00
Debian: Security Advisory (DLA-3036-1)
2022-06-01 00:00:00
cve
cve
CVE-2023-27585
2023-03-14 17:15:19
CVE-2022-24793
2022-04-06 14:15:08
veracode
veracode
Buffer Overflow
2023-03-17 05:10:03
Buffer Overflow
2022-05-14 19:56:16
redos
redos
ROS-20220518-03
2022-05-18 00:00:00
ubuntu
ubuntu
Ring vulnerabilities
2023-10-24 00:00:00
gentoo
gentoo
PJSIP: Multiple Vulnerabilities
2022-10-31 00:00:00
debian
debian
[SECURITY] [DSA 5285-1] asterisk security update
2022-11-17 21:42:58