"The vulnerability affects applications that uses PJSIP DNS resolver, e.g: in PJSUA/PJSUA2 configured via pjsua_config.nameserver or UaConfig.nameserver. It doesn't affect PJSIP users that does not utilises PJSIP DNS resolver, i.e: one of the following: not configuring nameserver in PJSUA/PJSUA2 (as described above), so the library will use the OS resolver such as via getaddrinfo(), or using an external resolver implementation, i.e: configured using pjsip_resolver_set_ext_resolver(). Also related to GHSA-p6g5-v97c-w5q4. (The difference is that this issue occurs when parsing RR record parse_rr(), while the issue in GHSA-p6g5-v97c-w5q4 is in parsing the query record parse_query())." Note that there are two other vulnerabilities that are officially fixed by upstream in 2.13.1 which we already resolved with bug 887559. This fix is in 2.13.1, please stabilize.
