CVE-2023-27585
published 2023-03-14CVE-2023-27585: PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications…
PriorityP343high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
2.33%
81.4th percentile
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye) | asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye) |
| debian | asterisk | < asterisk 1:16.28.0~dfsg-0+deb11u3 (bullseye) | asterisk 1:16.28.0~dfsg-0+deb11u3 (bullseye) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | ring | < asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye) | asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye) |
| debian | ring | < asterisk 1:16.28.0~dfsg-0+deb11u3 (bullseye) | asterisk 1:16.28.0~dfsg-0+deb11u3 (bullseye) |
| pjsip | pjproject | <= 2.13 | — |
| pjsip | pjsip | <= 2.12 | — |
| teluu | pjsip | < 2.13 | 2.13 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv9.8CRITICAL
vendor_debian7.5HIGH
vendor_ubuntu7.3HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
ring vulnerabilities
osv·2023-10-24·CVSS 9.8
CVE-2021-37706 [CRITICAL] ring vulnerabilities
ring vulnerabilities
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-37706)
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
(CVE-2023-27585)
Original advisory details:
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-37706)
I
OSV
ring vulnerabilities
osv·2023-10-09·CVSS 9.8
CVE-2021-37706 [CRITICAL] ring vulnerabilities
ring vulnerabilities
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-37706)
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302,
CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723,
CVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754,
CVE-2022-24763, CVE-2022-24764, CVE-2022
OSV
CVE-2023-27585: PJSIP is a free and open source multimedia communication library written in C
osv·2023-03-14·CVSS 7.5
CVE-2023-27585 [HIGH] CVE-2023-27585: PJSIP is a free and open source multimedia communication library written in C
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.
OSV
CVE-2022-24793: PJSIP is a free and open source multimedia communication library written in C
osv·2022-04-06·CVSS 7.5
CVE-2022-24793 [HIGH] CVE-2022-24793: PJSIP is a free and open source multimedia communication library written in C
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to CVE-2023-27585. The difference is that this issue is in parsing the query record `parse_rr()`, while the issue in CVE-2023-27585 is in `parse_query()`. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead.
Ubuntu
Ring vulnerabilities
vendor_ubuntu·2023-10-24·CVSS 7.3
CVE-2023-27585 [HIGH] Ring vulnerabilities
Title: Ring vulnerabilities
Summary: Several security issues were fixed in Ring.
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-37706)
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
(CVE-2023-27585)
Original advisory details:
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly
Ubuntu
Ring vulnerabilities
vendor_ubuntu·2023-10-09·CVSS 7.3
CVE-2021-37706 [HIGH] Ring vulnerabilities
Title: Ring vulnerabilities
Summary: Several security issues were fixed in Ring.
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-37706)
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302,
CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723,
CVE-2022-23537, CVE-2022-23547, CVE-2022-23
Debian
CVE-2023-27585: asterisk - PJSIP is a free and open source multimedia communication library written in C. A...
vendor_debian·2023·CVSS 7.5
CVE-2023-27585 [HIGH] CVE-2023-27585: asterisk - PJSIP is a free and open source multimedia communication library written in C. A...
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.
Scope: local
bullseye: resolved (fixed in 1:16.28.0~dfsg-0+deb11u3)
sid: resolved (fixed in 1:20.4.0~dfsg+~cs6.13.40431414-1)
Debian
CVE-2022-24793: asterisk - PJSIP is a free and open source multimedia communication library written in C. A...
vendor_debian·2022·CVSS 7.5
CVE-2022-24793 [HIGH] CVE-2022-24793: asterisk - PJSIP is a free and open source multimedia communication library written in C. A...
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to CVE-2023-27585. The difference is that this issue is in parsing the query record `parse_rr()`, while the issue in CVE-2023-27585 is in `parse_query()`. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead.
Scope: local
bullseye: resolved (fixed in 1:16.28.0~dfsg-0+deb11u1)
sid: resolved (fixed in 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1)
No detection rules found.
No public exploits indexed.
arXiv
Real-VulLLM: An LLM Based Assessment Framework in the Wild
arxiv_fulltext·2025-10-05
Real-VulLLM: An LLM Based Assessment Framework in the Wild
Real-VulLLM: An LLM Based Assessment Framework in the Wild
Rijha Safdar, Danyail Mateen, Syed Taha Ali and Wajahat Hussain
R. Safdar, S.T. Ali and W. Hussain are with School of Electrical Engineering and Computer Science, National University of Sciences and Technology, Islamabad, Pakistan, 44000. e-mail: [email protected] ,e-mail: [email protected], email:[email protected]
D. Mateen is with the Department
Computer Science, Fast University, Islamabad,
Pakistan, 44000
## Abstract
Artificial Intelligence (AI) and more specifically Large Language Models (LLMs) have demonstrated exceptional progress in multiple areas including software engineering, however, their capability for vulnerability detection in the wild scenario and its corresponding reasoning remains
arXiv
Top of the Heap: Efficient Memory Error Protection of Safe Heap Objects
arxiv_fulltext·2024-08-19
Top of the Heap: Efficient Memory Error Protection of Safe Heap Objects
Top of the Heap: Efficient Memory Error Protection
of Safe Heap Objects
0
@IEEEauthorhalign
@IEEEauthorhalign
Kaiming Huang
Penn State University
[email protected]
Mathias Payer
EPFL
[email protected]
Zhiyun Qian
UC Riverside
[email protected]
Jack Sampson
Penn State University
[email protected]
\ \ \ \ Gang Tan
\ \ \ \ Penn State University
\ \ \ \ [email protected]
Trent Jaeger
Penn State University
[email protected]
Kaiming Huang
Penn State University
[email protected]
Mathias Payer
EPFL
[email protected]
Zhiyun Qian
UC Riverside
[email protected]
Jack Sampson
Penn State University
[email protected]
Gang Tan
Penn State University
[email protected]
Trent Jaeger
UC Riverside
[email protected]
0
CCSXML
10002978.10003022.10003023
Security and privacy Software
https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfrhttps://lists.debian.org/debian-lts-announce/2023/04/msg00020.htmlhttps://lists.debian.org/debian-lts-announce/2023/08/msg00038.htmlhttps://www.debian.org/security/2023/dsa-5438https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htmhttps://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfrhttps://lists.debian.org/debian-lts-announce/2023/04/msg00020.htmlhttps://lists.debian.org/debian-lts-announce/2023/08/msg00038.htmlhttps://lists.debian.org/debian-lts-announce/2024/09/msg00030.htmlhttps://www.debian.org/security/2023/dsa-5438https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm
2023-03-14
Published