CVE-2023-27585: CWE-122: Heap-based Buffer Overflow in pjsip pjproject
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.
AI Analysis
Technical Summary
CVE-2023-27585 identifies a heap-based buffer overflow vulnerability in the open-source multimedia communication library PJSIP, specifically in the pjproject component versions 2.13 and earlier. The vulnerability arises in the DNS resolver module during the parsing of DNS query records within the `parse_query()` function. This flaw is related to a previous vulnerability (CVE-2022-24793) but differs in the parsing function affected. The buffer overflow can be triggered remotely without authentication or user interaction, as it involves processing DNS responses. Successful exploitation can cause application crashes, resulting in denial of service (DoS). The vulnerability does not compromise confidentiality or integrity but impacts availability. A patch has been committed to the `master` branch of the pjproject repository (commit `d1c5e4d`). As a workaround, disabling the internal DNS resolver by setting `nameserver_count` to zero or using an external DNS resolver implementation can mitigate the risk. No public exploits have been reported, but the high CVSS score (7.5) reflects the ease of remote exploitation and the potential for service disruption. This vulnerability matters most for applications relying on PJSIP's DNS resolver, which is commonly used in VoIP and multimedia communication systems.
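The page does not show the defect or the patch itself. As an added example (not pjproject code), this C parser shows the bounds checks a DNS question-record parser needs so that a short or malformed response cannot drive reads past the end of the packet buffer. All function, type and constant names are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names for illustration; not pjproject identifiers. */
enum { DNS_OK = 0, DNS_ETRUNC = -1, DNS_ENAME = -2 };

struct dns_question {
    char     name[256];  /* dotted name, NUL-terminated */
    uint16_t qtype, qclass;
};

/* Parse one question record at pkt[*off]. Every read is checked against len
 * first. Compression pointers are rejected to keep the example short. */
int parse_question(const uint8_t *pkt, size_t len, size_t *off,
                   struct dns_question *q)
{
    size_t p = *off, n = 0;
    for (;;) {
        if (p >= len) return DNS_ETRUNC;         /* length byte missing */
        uint8_t lab = pkt[p++];
        if (lab == 0) break;                     /* root label ends the name */
        if (lab & 0xC0) return DNS_ENAME;        /* pointer or reserved bits */
        if (lab > len - p) return DNS_ETRUNC;    /* label runs past the packet */
        if (n + lab + 1 >= sizeof q->name) return DNS_ENAME; /* no room left */
        memcpy(q->name + n, pkt + p, lab);
        n += lab;
        q->name[n++] = '.';
        p += lab;
    }
    q->name[n] = '\0';

    if (len - p < 4) return DNS_ETRUNC;          /* qtype/qclass cut off */
    q->qtype  = (uint16_t)((pkt[p] << 8) | pkt[p + 1]);
    q->qclass = (uint16_t)((pkt[p + 2] << 8) | pkt[p + 3]);
    *off = p + 4;
    return DNS_OK;
}

/* Constructed sample: question "example.com" type A class IN (header omitted). */
static const uint8_t SAMPLE_Q[] = { 7,'e','x','a','m','p','l','e',
                                    3,'c','o','m', 0,  0,1,  0,1 };
static struct dns_question g_q;
/* Parse only the first len bytes of the sample, as if the packet were cut. */
int sample_status(size_t len)
{
    size_t off = 0;
    return parse_question(SAMPLE_Q, len, &off, &g_q);
}
```

Truncating the sample inside a label or before the four type/class bytes returns `DNS_ETRUNC` instead of reading beyond the supplied length.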
Potential Impact
For European organizations, the primary impact of CVE-2023-27585 is the potential denial of service in communication systems that utilize PJSIP's DNS resolver. This can disrupt VoIP services, unified communications, and other multimedia applications dependent on pjproject, leading to operational downtime and degraded service quality. Telecommunications providers, enterprises with internal VoIP infrastructure, and service providers using PJSIP-based solutions are particularly vulnerable. Disruptions in communication services can affect business continuity, customer support, and critical communications, especially in sectors like finance, healthcare, and government. Although the vulnerability does not allow data leakage or code execution, the availability impact can have cascading effects on dependent services and user trust. The lack of known exploits reduces immediate risk, but the ease of exploitation and network exposure necessitate prompt remediation.
Mitigation Recommendations
Organizations should immediately update pjproject to the latest patched version containing commit `d1c5e4d` to address the vulnerability. If patching is not immediately feasible, configure PJSIP to disable its internal DNS resolver by setting the `nameserver_count` parameter to zero, forcing the use of an external, secure DNS resolver implementation. Network-level protections such as firewall rules to restrict DNS traffic to trusted resolvers can reduce exposure. Monitoring and logging DNS resolver activity within PJSIP-enabled applications can help detect anomalous behavior. Additionally, organizations should review their VoIP and multimedia communication architectures to identify and isolate vulnerable components. Regular vulnerability scanning and integration of PJSIP updates into patch management workflows will help prevent recurrence. Finally, educating developers and system administrators about secure configuration of PJSIP components will enhance long-term security posture.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2023-03-04T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 690a2ddcf0ba78a050535aa6
Added to database: 11/4/2025, 4:46:20 PM
Last enriched: 11/4/2025, 4:49:44 PM
Last updated: 11/6/2025, 12:53:25 PM