CVE-2023-27585: Merge pull request from GHSA-q9cp-8wcq-7pfr · pjsip/pjproject@d1c5e4d
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. A patch is available as commit d1c5e4d in the master branch. A workaround is to disable DNS resolution in PJSIP config (by setting nameserver_count to zero) or use an external resolver implementation instead.
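As an added example (not code from pjproject), a standalone DNS name-length parser that applies the same pointer-target bounds check the commit introduces, run over constructed packets, including one whose compression pointer points past the packet end. The result-code names and the packets are ours.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes (our own names, modelled on the PJLIB_UTIL_EDNS* family). */
enum { NAME_OK = 0, NAME_BAD_PTR = -1, NAME_TRUNCATED = -2, NAME_LOOP = -3 };

/* Wire length of the DNS name at pkt[off], following RFC 1035 compression
 * pointers; every pointer target is bounds-checked before it is dereferenced
 * (the guard the commit adds to get_name_len()/get_name()).  On NAME_OK,
 * *wire_len is the bytes the name occupies in the record (a pointer is 2). */
static int dns_name_len(const uint8_t *pkt, size_t pkt_len, size_t off, size_t *wire_len)
{
    size_t p = off, consumed = 0;
    int jumped = 0, hops = 0;
    for (;;) {
        if (p >= pkt_len) return NAME_TRUNCATED;            /* no length byte */
        uint8_t len = pkt[p];
        if ((len & 0xc0) == 0xc0) {                         /* compression pointer */
            if (p + 1 >= pkt_len) return NAME_TRUNCATED;    /* pointer needs 2 bytes */
            size_t target = ((size_t)(len & 0x3f) << 8) | pkt[p + 1];
            if (!jumped) consumed += 2;
            jumped = 1;
            if (++hops > 16) return NAME_LOOP;              /* pointer cycle */
            if (target >= pkt_len) return NAME_BAD_PTR;     /* the check the patch adds */
            p = target;
            continue;
        }
        if (len & 0xc0) return NAME_BAD_PTR;                /* reserved 01/10 prefixes */
        if (len == 0) { if (!jumped) consumed += 1; break; } /* root label ends the name */
        if (p + 1 + len > pkt_len) return NAME_TRUNCATED;   /* label runs past the end */
        if (!jumped) consumed += 1 + len;
        p += 1 + len;
    }
    *wire_len = consumed;
    return NAME_OK;
}

/* Constructed sample packets (not taken from the page). */
static const uint8_t PKT_GOOD[] = {
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, /* offsets 0..16 */
    3,'f','o','o', 0xc0, 0x04 };                            /* "foo" + pointer to offset 4 */
static const uint8_t PKT_PTR_OOB[]  = { 0xc0, 0xff };       /* pointer to offset 255 of a 2-byte packet */
static const uint8_t PKT_PTR_LOOP[] = { 0xc0, 0x00 };       /* pointer to itself */
static const uint8_t PKT_SHORT[]    = { 5, 'a', 'b', 'c' }; /* label claims 5 bytes, 3 present */

/* Convenience: consumed length on success, negative code otherwise. */
static long probe(const uint8_t *pkt, size_t pkt_len, size_t off)
{
    size_t n = 0;
    int rc = dns_name_len(pkt, pkt_len, off, &n);
    return rc == NAME_OK ? (long)n : rc;
}
```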
@@ -127,6 +127,9 @@ static pj_status_t get_name_len(int rec_counter, const pj_uint8_t *pkt,
return PJLIB_UTIL_EDNSINNAMEPTR;
}
if (start >= max)
return PJLIB_UTIL_EDNSINNAMEPTR;
*name_len = *parsed_len = 0;
p = start;
while (*p) {
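Review bot: The added `if (start >= max) return PJLIB_UTIL_EDNSINNAMEPTR;` is what guards the `*p` dereference in the `while (*p)` loop that follows, since `p = start` is a compression-pointer target computed from packet data; `>=` is the correct comparison because `start == max` is already one past the last byte. Worth a comment that this covers only the byte at `start`: the label bytes the loop walks must still be checked against `max` inside the loop, which this hunk does not show.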
@@ -199,6 +202,9 @@ static pj_status_t get_name(int rec_counter, const pj_uint8_t *pkt,
return PJLIB_UTIL_EDNSINNAMEPTR;
}
if (start >= max)
return PJLIB_UTIL_EDNSINNAMEPTR;
p = start;
while (*p) {
if ((*p & 0xc0) == 0xc0) {
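Review bot: Same guard as in get_name_len(), which is right because both functions dereference `p = start` unconditionally; the two functions now carry identical pointer-validation blocks, so a shared static helper that validates the pointer target once would keep the two copies from drifting apart again.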
@@ -359,10 +365,14 @@ static pj_status_t parse_rr(pj_dns_parsed_rr *rr, pj_pool_t *pool,
/* Parse some well known records */
if (rr->type == PJ_DNS_TYPE_A) {
if (p + 4 > max)
return PJLIB_UTIL_EDNSINSIZE;
pj_memcpy(&rr->rdata.a.ip_addr, p, 4);
p += 4;
} else if (rr->type == PJ_DNS_TYPE_AAAA) {
if (p + 16 > max)
return PJLIB_UTIL_EDNSINSIZE;
pj_memcpy(&rr->rdata.aaaa.ip_addr, p, 16);
p += 16;
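Review bot: `p + 4 > max` and `p + 16 > max` form a pointer beyond the buffer before comparing it, which is undefined behaviour in C whenever `p + n` goes past one-past-the-end, and optimisers have been known to fold such checks away; the equivalent `(size_t)(max - p) < 4` (and `< 16`), provided `p <= max` is established first, avoids forming an out-of-range pointer. Returning PJLIB_UTIL_EDNSINSIZE rather than the name-pointer error is appropriate here, since this is a record-length problem.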
@@ -388,6 +398,8 @@ static pj_status_t parse_rr(pj_dns_parsed_rr *rr, pj_pool_t *pool,
p += name_part_len;
} else if (rr->type == PJ_DNS_TYPE_SRV) {
if (p + 6 > max)
return PJLIB_UTIL_EDNSINSIZE;
/* Priority */
pj_memcpy(&rr->rdata.srv.prio, p, 2);
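Review bot: The 6-byte check covers only the fixed SRV fields (priority, weight, port, two bytes each per RFC 2782); the target name that follows is not covered by it and relies on get_name()'s own bounds check, which deserves a comment so a reader does not take the `6` as covering the whole RDATA. Same pointer-arithmetic note as for the A/AAAA checks: prefer `max - p < 6` to `p + 6 > max`.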
Related news
Ubuntu Security Notice 6422-2 - It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6422-1 - It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Debian Linux Security Advisory 5438-1 - A flaw was found in Asterisk, an Open Source Private Branch Exchange. A buffer overflow vulnerability affects users that use PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record parse_query(), while the issue in CVE-2022-24793 is in parse_rr(). A workaround is to disable DNS resolution in PJSIP config (by setting nameserver_count to zero) or use an external resolver implementation instead.