CVE-2023-27585 (PJSIP DNS resolver)

I stumbled upon NVD - CVE-2023-27585 and I am not sure how dangerous this thing is and how much my current 18.15.1 with bundled PJSIP 2.12.1 is affected.

The advisory says “It doesn’t affect PJSIP users who do not utilise PJSIP DNS resolver” and “A workaround is to disable DNS resolution in PJSIP config”. But I am not sure if PJSIP DNS resolver is in use (I don’t use dnsmgr if that’s the case) nor how to disable it.

Thanks for any clarification.

We don’t use the PJSIP DNS resolver. We use our own. The external resolver support actually came from us.

Hi Joshua,

Thank you so much for the quick reply.

Since it is not an Asterisk problem, it’s sad that Debian filed an Asterisk vulnerability for that.

