DSA-5438 asterisk – security update

Read Time:24 Second

A flaw was found in Asterisk, an Open Source Private Branch Exchange. A
buffer overflow vulnerability affects users that use PJSIP DNS resolver.
This vulnerability is related to
CVE-2022-24793.
The difference is that this issue is in parsing the query record
`parse_query()`, while the issue in
CVE-2022-24793
is in `parse_rr()`. A workaround is to disable DNS resolution in PJSIP config
(by setting `nameserver_count` to zero) or use an external resolver
implementation instead.

Read More