DSA-5438-1 asterisk -- asteriskID: oval:org.secpod.oval:def:93361 | Date: (C)2023-09-27 (M)2024-01-29 |
Class: PATCH | Family: unix |
A flaw was found in Asterisk, an Open Source Private Branch Exchange. A buffer overflow vulnerability affects users that use PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query`, while the issue in CVE-2022-24793 is in `parse_rr`. A workaround is to disable DNS resolution in PJSIP config or use an external resolver implementation instead.