A flaw was found in Asterisk, an Open Source Private Branch Exchange. A buffer overflow vulnerability affects users that use PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record
Continue reading...
parse_query()
, while the issue in CVE-2022-24793 is in parse_rr()
. A workaround is to disable DNS resolution in PJSIP config (by setting nameserver_count
to zero) or use an external resolver implementation instead.Continue reading...