PJSIP
cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*
- <= 2.16
A heap-based buffer overflow vulnerability has been identified in PJSIP versions 2.16 and below. The issue arises in the DNS parser's name length handler, affecting applications that use PJSIP's built-in DNS resolver. This vulnerability does not impact users who rely on the operating system's resolver or those using an external resolver implementation.
Exploitation of this vulnerability leads to a heap-based buffer overflow, which can commonly result in arbitrary code execution or memory corruption.
Users can upgrade to PJSIP version 2.17, where this vulnerability is patched. For those unable to upgrade, DNS resolution can be disabled in the PJSIP configuration by setting the nameserver_count to zero, or an external resolver implementation can be used instead.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.