Command and Control
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that uses PJSIP DNS resolution. It doesn’t affect PJSIP users who utilize an external resolver. A patch is available in the
master branch of the
pjsip/pjproject GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting
nameserver_count to zero) or use an external resolver instead.