Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-27585

Опубликовано: 14 мар. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 7.5

Описание

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record parse_query(), while the issue in CVE-2022-24793 is in parse_rr(). A patch is available as commit d1c5e4d in the master branch. A workaround is to disable DNS resolution in PJSIP config (by setting nameserver_count to zero) or use an external resolver implementation instead.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
esm-apps/bionic

needs-triage

esm-apps/xenial

needs-triage

esm-infra/focal

DNE

focal

DNE

jammy

DNE

kinetic

DNE

trusty

ignored

end of standard support
upstream

needs-triage

xenial

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

DNE

esm-apps/bionic

released

20180228.1.503da2b~ds1-1ubuntu0.1~esm1
esm-apps/focal

released

20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
focal

released

20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
impish

ignored

end of life
lunar

released

20230206.0~ds1-5ubuntu0.1
mantic

released

20230206.0~ds2-1.3ubuntu0.1
noble

DNE

oracular

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 62%
0.00436
Низкий

7.5 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2023-27585

CVSS3: 7.5
nvd
почти 3 года назад

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.

debian логотип

CVE-2023-27585

CVSS3: 7.5
debian
почти 3 года назад

PJSIP is a free and open source multimedia communication library writt ...

EPSS

Процентиль: 62%
0.00436
Низкий

7.5 High

CVSS3