Vulnerability details: VCID-mt15-xspb-aaaf
Vulnerability ID VCID-mt15-xspb-aaaf
Aliases CVE-2023-27585
Summary PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
epss 0.00363 https://api.first.org/data/v1/epss?cve=CVE-2023-27585
epss 0.00730 https://api.first.org/data/v1/epss?cve=CVE-2023-27585
epss 0.00769 https://api.first.org/data/v1/epss?cve=CVE-2023-27585
epss 0.00834 https://api.first.org/data/v1/epss?cve=CVE-2023-27585
epss 0.00999 https://api.first.org/data/v1/epss?cve=CVE-2023-27585
epss 0.01543 https://api.first.org/data/v1/epss?cve=CVE-2023-27585
epss 0.05207 https://api.first.org/data/v1/epss?cve=CVE-2023-27585
cvssv3.1 7.5 https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5
ssvc Track https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5
cvssv3.1 7.5 https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
ssvc Track https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
cvssv3.1 7.5 https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr
ssvc Track https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-27585
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-27585
cvssv3.1 7.5 https://www.debian.org/security/2023/dsa-5438
ssvc Track https://www.debian.org/security/2023/dsa-5438
cvssv3.1 7.5 https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm
ssvc Track https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/ Found at https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/ Found at https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/ Found at https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/ Found at https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-27585
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2023/dsa-5438
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/ Found at https://www.debian.org/security/2023/dsa-5438

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/ Found at https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm

Exploit Prediction Scoring System (EPSS)
Percentile 0.57315
EPSS Score 0.00363
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.