CVE-2022-24793: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in pjsip pjproject
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to CVE-2023-27585. The difference is that this issue is in parsing the query record `parse_rr()`, while the issue in CVE-2023-27585 is in `parse_query()`. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead.
AI Analysis
Technical Summary
CVE-2022-24793 is a buffer overflow vulnerability classified under CWE-120, affecting the PJSIP pjproject multimedia communication library, specifically versions 2.12 and earlier. PJSIP is widely used for SIP-based VoIP and multimedia communications and is implemented in C. The vulnerability arises in the DNS resolution component of PJSIP, particularly in the function parse_rr(), which processes DNS query records. The flaw is due to a lack of proper bounds checking when copying input data into buffers, leading to a classic buffer overflow scenario. This can result in memory corruption, potentially allowing an attacker to execute arbitrary code, cause application crashes, or disrupt service availability. The vulnerability does not affect users who configure PJSIP to use an external DNS resolver or disable internal DNS resolution by setting the nameserver_count parameter to zero. A patch addressing this issue is available in the master branch of the pjsip/pjproject GitHub repository. This vulnerability is related but distinct from CVE-2023-27585, which affects the parse_query() function. No known exploits have been reported in the wild to date, but the presence of a buffer overflow in a network-facing component represents a significant risk if exploited.
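The class of check the summary describes, shown on a minimal DNS resource-record parser. This is an added example, not code from PJSIP or from its patch; `rr_t`, `skip_name()`, `parse_rr_checked()` and the sample packets are hypothetical names and constructed data used only for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record type for this example; not a PJSIP structure. */
typedef struct { uint16_t type, dnsclass, rdlength; uint32_t ttl; uint8_t rdata[64]; } rr_t;
static rr_t g_rr;

/* Constructed samples: owner "a", type A, class IN, TTL 60, RDLENGTH, RDATA. */
static const uint8_t GOOD_RR[]  = {1,'a',0, 0,1, 0,1, 0,0,0,60, 0,4, 127,0,0,1};
static const uint8_t LYING_RR[] = {1,'a',0, 0,1, 0,1, 0,0,0,60, 1,0, 127,0,0,1}; /* claims 256 */

/* Skip the owner name at pkt[pos]; return the offset after it, or -1. */
static long skip_name(const uint8_t *pkt, size_t len, size_t pos)
{
    while (pos < len) {
        uint8_t l = pkt[pos];
        if ((l & 0xC0) == 0xC0)                    /* compression pointer: 2 bytes */
            return (len - pos >= 2) ? (long)(pos + 2) : -1;
        if (l & 0xC0) return -1;                   /* reserved label types */
        if (l == 0) return (long)(pos + 1);        /* root label ends the name */
        if (len - pos < (size_t)l + 1) return -1;  /* label runs past the packet */
        pos += (size_t)l + 1;
    }
    return -1;
}

/* Parse one RR at pkt[pos]; return the next record's offset, or -1 if malformed. */
long parse_rr_checked(const uint8_t *pkt, size_t len, size_t pos, rr_t *out)
{
    long p = skip_name(pkt, len, pos);
    if (p < 0 || len - (size_t)p < 10) return -1;  /* fixed part is 10 bytes */
    const uint8_t *f = pkt + p;
    out->type     = (uint16_t)(f[0] << 8 | f[1]);
    out->dnsclass = (uint16_t)(f[2] << 8 | f[3]);
    out->ttl      = (uint32_t)f[4] << 24 | (uint32_t)f[5] << 16 | (uint32_t)f[6] << 8 | f[7];
    out->rdlength = (uint16_t)(f[8] << 8 | f[9]);
    size_t rd = (size_t)p + 10;
    if (out->rdlength > len - rd) return -1;           /* length field exceeds the packet */
    if (out->rdlength > sizeof out->rdata) return -1;  /* length exceeds the destination */
    memcpy(out->rdata, pkt + rd, out->rdlength);
    return (long)(rd + out->rdlength);
}

int main(void)
{
    printf("good:  %ld\n", parse_rr_checked(GOOD_RR, sizeof GOOD_RR, 0, &g_rr));
    printf("lying: %ld\n", parse_rr_checked(LYING_RR, sizeof LYING_RR, 0, &g_rr));
    return 0;
}
```

Both length checks run before `memcpy()`: one against the bytes actually received, one against the destination buffer, so an attacker-controlled RDLENGTH can drive neither an over-read nor an overflow.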
Potential Impact
For European organizations, the impact of CVE-2022-24793 can be substantial, especially for those relying on PJSIP-based communication systems such as VoIP infrastructure, unified communications, and multimedia conferencing solutions. Exploitation could lead to unauthorized code execution, enabling attackers to compromise communication servers, intercept or manipulate voice and video traffic, or cause denial of service conditions. This could disrupt critical business communications, impact customer service, and expose sensitive information. Organizations in sectors such as telecommunications, finance, healthcare, and government, which often deploy PJSIP for real-time communications, are particularly at risk. Additionally, since PJSIP is embedded in various commercial and open-source products, the vulnerability's reach may extend beyond direct users to downstream vendors and service providers. The lack of known exploits reduces immediate risk but does not eliminate the threat, especially as threat actors may develop exploits over time.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should prioritize updating PJSIP pjproject to a version beyond 2.12 where the patch is applied. If immediate patching is not feasible, organizations should configure PJSIP to disable its internal DNS resolver by setting the nameserver_count parameter to zero, forcing the use of an external, secure DNS resolver. This configuration change reduces the attack surface by avoiding the vulnerable code path. Additionally, organizations should conduct thorough code audits and penetration testing on their PJSIP implementations to identify any residual risks. Network-level protections such as intrusion detection/prevention systems (IDS/IPS) should be tuned to monitor and alert on anomalous DNS traffic patterns associated with PJSIP services. Vendors and integrators using PJSIP should be engaged to ensure timely updates and to verify that their products incorporate the fix. Finally, maintaining robust endpoint security and network segmentation can limit the impact of any successful exploitation.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Poland, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2022-02-10T00:00:00.000Z
- Cisa Enriched: true
Threat ID: 682d9843c4522896dcbf2bac
Added to database: 5/21/2025, 9:09:23 AM
Last enriched: 6/23/2025, 11:36:51 AM
Last updated: 7/31/2025, 6:55:34 PM