ByteOS Network

NVD Vulnerability Details :

CVE-2022-24793

Modified

Source-security-advisories@github.com

Published At-06 Apr, 2022 | 14:15

Updated At-04 Nov, 2025 | 16:15

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to CVE-2023-27585. The difference is that this issue is in parsing the query record `parse_rr()`, while the issue in CVE-2023-27585 is in `parse_query()`. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P

Type: Secondary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:N/A:P

CPE Matches

pjsip>>pjsip>>Versions up to 2.12(inclusive)

cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>9.0

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>10.0

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>11.0

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-120	Secondary	security-advisories@github.com
CWE-120	Primary	nvd@nist.gov

CWE ID: CWE-120

Type: Secondary

Source: security-advisories@github.com

CWE ID: CWE-120

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a	security-advisories@github.com	Patch Third Party Advisory
https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4	security-advisories@github.com	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html	security-advisories@github.com	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html	security-advisories@github.com	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html	security-advisories@github.com	N/A
https://security.gentoo.org/glsa/202210-37	security-advisories@github.com	Third Party Advisory
https://www.debian.org/security/2022/dsa-5285	security-advisories@github.com	Third Party Advisory
https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a	af854a3a-2127-422b-91ae-364da2661108	Patch Third Party Advisory
https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4	af854a3a-2127-422b-91ae-364da2661108	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html	af854a3a-2127-422b-91ae-364da2661108	N/A
https://security.gentoo.org/glsa/202210-37	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.debian.org/security/2022/dsa-5285	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory