UBUNTU-CVE-2022-24793
- Source
- https://ubuntu.com/security/CVE-2022-24793
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-24793.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-24793
- Related
- Published
- 2022-04-06T14:15:00Z
- Modified
- 2024-10-15T14:09:48Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to CVE-2023-27585. The difference is that this issue is in parsing the query record
parse_rr(), while the issue in CVE-2023-27585 is inparse_query(). A patch is available in themasterbranch of thepjsip/pjprojectGitHub repository. A workaround is to disable DNS resolution in PJSIP config (by settingnameserver_countto zero) or use an external resolver instead. - References
Affected packages
Ubuntu:Pro:16.04:LTS / pjproject
Package
- Name
- pjproject
- Purl
- pkg:deb/ubuntu/pjproject?arch=src?distro=esm-apps/xenial
Ubuntu:Pro:18.04:LTS / pjproject
Package
- Name
- pjproject
- Purl
- pkg:deb/ubuntu/pjproject?arch=src?distro=esm-apps/bionic
Ubuntu:Pro:18.04:LTS / ring
Package
- Name
- ring
- Purl
- pkg:deb/ubuntu/ring?arch=src?distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20180228.1.503da2b~ds1-1ubuntu0.1~esm1
Affected versions
20170803.*
20170803.2.5fcfe3f~dfsg1-1
20171024.*
20171024.1.eadbdeb~ds1-1
20171129.*
20171129.2.cf5bbff~ds1-1
20171129.2.cf5bbff~ds1-2
20180119.*
20180119.1.9e06f94~ds1-1
20180119.1.9e06f94~ds1-3
20180222.*
20180222.1.7bffde2~ds2-2
20180228.*
20180228.1.503da2b~ds1-1
20180228.1.503da2b~ds1-1build1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "20180228.1.503da2b~ds1-1ubuntu0.1~esm1",
"binary_name": "ring"
},
{
"binary_version": "20180228.1.503da2b~ds1-1ubuntu0.1~esm1",
"binary_name": "ring-daemon"
},
{
"binary_version": "20180228.1.503da2b~ds1-1ubuntu0.1~esm1",
"binary_name": "ring-daemon-dbgsym"
},
{
"binary_version": "20180228.1.503da2b~ds1-1ubuntu0.1~esm1",
"binary_name": "ring-dbgsym"
}
]
}
Ubuntu:20.04:LTS / ring
Package
- Name
- ring
- Purl
- pkg:deb/ubuntu/ring?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
Affected versions
20190215.*
20190215.1.f152c98~ds1-1
20190215.1.f152c98~ds1-1build1
20190215.1.f152c98~ds1-1build2
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
"binary_name": "jami"
},
{
"binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
"binary_name": "jami-daemon"
},
{
"binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
"binary_name": "jami-daemon-dbgsym"
},
{
"binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
"binary_name": "jami-dbgsym"
},
{
"binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
"binary_name": "ring"
},
{
"binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
"binary_name": "ring-daemon"
}
]
}