CVE-2023-27585

2023-03-1400:00:00

ubuntu.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

76.9%

JSON

PJSIP is a free and open source multimedia communication library written in
C. A buffer overflow vulnerability in versions 2.13 and prior affects
applications that use PJSIP DNS resolver. It doesn’t affect PJSIP users who
do not utilise PJSIP DNS resolver. This vulnerability is related to
CVE-2022-24793. The difference is that this issue is in parsing the query
record parse_query(), while the issue in CVE-2022-24793 is in
parse_rr(). A patch is available as commit d1c5e4d in the master
branch. A workaround is to disable DNS resolution in PJSIP config (by
setting nameserver_count to zero) or use an external resolver
implementation instead.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchpjproject< anyUNKNOWN
ubuntu16.04noarchpjproject< anyUNKNOWN
ubuntu18.04noarchring< 20180228.1.503da2b~ds1-1ubuntu0.1~esm1UNKNOWN
ubuntu20.04noarchring< 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1UNKNOWN
ubuntu23.04noarchring< 20230206.0~ds1-5ubuntu0.1UNKNOWN
ubuntu23.10noarchring< 20230206.0~ds2-1.3ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	pjproject	< any	UNKNOWN
ubuntu	16.04	noarch	pjproject	< any	UNKNOWN
ubuntu	18.04	noarch	ring	< 20180228.1.503da2b~ds1-1ubuntu0.1~esm1	UNKNOWN
ubuntu	20.04	noarch	ring	< 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1	UNKNOWN
ubuntu	23.04	noarch	ring	< 20230206.0~ds1-5ubuntu0.1	UNKNOWN
ubuntu	23.10	noarch	ring	< 20230206.0~ds2-1.3ubuntu0.1	UNKNOWN