From 36417ee5e7a7bc30ff94ef64d1d3f2823ac899ad Mon Sep 17 00:00:00 2001 From: "Shelby J. Cunningham" Date: Mon, 20 Mar 2023 12:32:41 -0400 Subject: [PATCH] Modify CVE-2023-27585 description --- 2023/27xxx/CVE-2023-27585.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2023/27xxx/CVE-2023-27585.json b/2023/27xxx/CVE-2023-27585.json index dc632a8ec6a..6f880f15379 100644 --- a/2023/27xxx/CVE-2023-27585.json +++ b/2023/27xxx/CVE-2023-27585.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead." + "value": "PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead." } ] },