CVE-2022-24793
Summary
| CVE | CVE-2022-24793 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-04-06 14:15:00 UTC |
|---|
| Updated | 2023-08-30 01:15:00 UTC |
|---|
| Description | PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to CVE-2023-27585. The difference is that this issue is in parsing the query record `parse_rr()`, while the issue in CVE-2023-27585 is in `parse_query()`. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Potential heap buffer overflow when parsing DNS packets · Advisory · pjsip/pjproject · GitHub |
CONFIRM |
github.com |
|
| Merge pull request from GHSA-p6g5-v97c-w5q4 · pjsip/pjproject@9fae8f4 · GitHub |
MISC |
github.com |
|
| PJSIP: Multiple Vulnerabilities (GLSA 202210-37) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| [SECURITY] [DLA 3036-1] pjproject security update |
MLIST |
lists.debian.org |
|
| [SECURITY] [DLA 3549-1] ring security update |
MLIST |
lists.debian.org |
|
| Debian -- Security Information -- DSA-5285-1 asterisk |
DEBIAN |
www.debian.org |
|
| [SECURITY] [DLA 3194-1] asterisk security update |
MLIST |
lists.debian.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 179340 Debian Security Update for pjproject (DLA 3036-1)
- 181225 Debian Security Update for asterisk (DLA 3194-1)
- 181237 Debian Security Update for asterisk (DSA 5285-1)
- 181742 Debian Security Update for asterisk (DLA 3394-1)
- 182332 Debian Security Update for ring (CVE-2022-24793)
- 199817 Ubuntu Security Notification for Ring Vulnerabilities (USN-6422-1)
- 502232 Alpine Linux Security Update for pjproject
- 504293 Alpine Linux Security Update for pjproject
- 6000045 Debian Security Update for ring (DLA 3549-1)
- 6000231 Debian Security Update for asterisk (DSA 5438-1)
- 710674 Gentoo Linux PJSIP Multiple Vulnerabilities (GLSA 202210-37)
