ELA-835-1 pjproject security update

buffer overflow

2023-04-18
Package: pjproject
Version: 2.5.5~dfsg-6+deb9u9 (stretch)
Related CVEs: CVE-2023-27585


PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability affects applications that use the PJSIP DNS resolver; applications that do not use the PJSIP DNS resolver are not affected. This issue is related to CVE-2022-24793: the difference is that this flaw is in parse_query(), which parses the query (question) record of a DNS message, whereas CVE-2022-24793 was in parse_rr(), which parses resource records. As a workaround, disable DNS resolution in the PJSIP configuration (by setting nameserver_count to zero) or use an external resolver implementation instead.
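The class of defect described above is a DNS message parser that reads a query record without checking every length it trusts against the size of the received message. The following is an added example and is not PJSIP's parse_query() code, nor the fix shipped in this update: a minimal RFC 1035 question-section parser in C that validates each label length, compression pointer and the trailing QTYPE/QCLASS against the packet length, and rejects a message that is truncated on the wire. The two packets, the function names and the 255-byte name limit (RFC 1035's maximum) are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example: a bounds-checked parser for the first question of a DNS
 * message. Every read is checked against `len` before it happens, which is
 * the check a parse_query()-style routine must perform. */

#define MAX_NAME    255   /* RFC 1035 maximum length of a domain name */
#define DNS_HDR_LEN 12

typedef struct {
    char name[MAX_NAME + 1]; /* dotted name, NUL terminated */
    uint16_t qtype;
    uint16_t qclass;
} dns_question;

/* Decode a DNS name at *pos into out (dotted form). Returns 0 on success,
 * -1 on truncation, oversize, bad label type or a forward/looping pointer.
 * On success *pos is advanced past the name as it appears in the message. */
static int read_name(const uint8_t *pkt, size_t len, size_t *pos,
                     char *out, size_t outsz)
{
    size_t p = *pos, outlen = 0, end_after_pointer = 0;
    int jumped = 0, hops = 0;

    for (;;) {
        if (p >= len) return -1;                    /* label length byte missing */
        uint8_t lab = pkt[p];
        if ((lab & 0xC0) == 0xC0) {                 /* compression pointer */
            if (p + 1 >= len) return -1;            /* second pointer byte missing */
            size_t off = ((size_t)(lab & 0x3F) << 8) | pkt[p + 1];
            if (off >= len || off >= p) return -1;  /* must point backwards */
            if (!jumped) end_after_pointer = p + 2;
            jumped = 1;
            if (++hops > 16) return -1;             /* defensive loop bound */
            p = off;
            continue;
        }
        if (lab & 0xC0) return -1;                  /* reserved label types */
        p++;
        if (lab == 0) break;                        /* root label ends the name */
        if (p + lab > len) return -1;               /* label body truncated */
        if (outlen + lab + (outlen ? 1 : 0) > outsz - 1) return -1; /* oversize */
        if (outlen) out[outlen++] = '.';
        memcpy(out + outlen, pkt + p, lab);
        outlen += lab;
        p += lab;
    }
    out[outlen] = '\0';
    *pos = jumped ? end_after_pointer : p;
    return 0;
}

/* Parse the first question of a DNS message into q.
 * Returns 0 on success, -1 if the message is malformed or truncated. */
int parse_first_question(const uint8_t *pkt, size_t len, dns_question *q)
{
    if (len < DNS_HDR_LEN) return -1;
    uint16_t qdcount = (uint16_t)((pkt[4] << 8) | pkt[5]);
    if (qdcount == 0) return -1;                    /* no question present */
    size_t pos = DNS_HDR_LEN;
    if (read_name(pkt, len, &pos, q->name, sizeof q->name) != 0) return -1;
    if (pos + 4 > len) return -1;                   /* QTYPE + QCLASS truncated */
    q->qtype  = (uint16_t)((pkt[pos] << 8) | pkt[pos + 1]);
    q->qclass = (uint16_t)((pkt[pos + 2] << 8) | pkt[pos + 3]);
    return 0;
}

/* Constructed sample: a well-formed query for sip.example.com, type A, class IN. */
static const uint8_t good_query[] = {
    0x12,0x34, 0x01,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    3,'s','i','p', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    0x00,0x01, 0x00,0x01
};

/* Constructed sample: same header, but the second label claims 7 bytes while
 * only 3 remain. A parser that trusts the label length reads past the buffer. */
static const uint8_t truncated_query[] = {
    0x12,0x34, 0x01,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    3,'s','i','p', 7,'e','x','a'
};

/* Returns 1 if the well-formed packet parses to the expected fields. */
int demo_good(void)
{
    dns_question q;
    if (parse_first_question(good_query, sizeof good_query, &q) != 0) return 0;
    return strcmp(q.name, "sip.example.com") == 0 && q.qtype == 1 && q.qclass == 1;
}

/* Returns 1 if the truncated packet is rejected instead of being over-read. */
int demo_truncated(void)
{
    dns_question q;
    return parse_first_question(truncated_query, sizeof truncated_query, &q) == -1;
}

int main(void)
{
    printf("well-formed query parsed: %s\n", demo_good() ? "yes" : "no");
    printf("truncated query rejected: %s\n", demo_truncated() ? "yes" : "no");
    return 0;
}
```

The point of the example is that the packet length is carried into every helper and checked before each read; the same discipline applies to the resource-record parser that CVE-2022-24793 concerned. An application that cannot update immediately should prefer the advisory's workaround (nameserver_count set to zero, or an external resolver) over relying on its own input filtering.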



For Debian 9 stretch, this problem has been fixed in version 2.5.5~dfsg-6+deb9u9.

We recommend that you upgrade your pjproject packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.