Search criteria
83 vulnerabilities found for asterisk by sangoma
CVE-2026-23741 (GCVE-0-2026-23741)
Vulnerability from nvd – Published: 2026-02-06 16:47 – Updated: 2026-02-06 17:26
VLAI?
Title
ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
Summary
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that is writeable by the asterisk user:group. Due to the /etc/asterisk/ast_debug_tools.conf file following bash semantics and it being loaded; an attacker with write permissions may add or modify the file such that when the root ast_coredumper is run; it would source and thereby execute arbitrary bash code found in the /etc/asterisk/ast_debug_tools.conf. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
Severity ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:22:49.844752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:26:22.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 23.2.2"
},
{
"status": "affected",
"version": "\u003c 22.8.2"
},
{
"status": "affected",
"version": "\u003c 21.12.1"
},
{
"status": "affected",
"version": "\u003c 20.18.2"
},
{
"status": "affected",
"version": "\u003c 20.7-cert9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that is writeable by the asterisk user:group. Due to the /etc/asterisk/ast_debug_tools.conf file following bash semantics and it being loaded; an attacker with write permissions may add or modify the file such that when the root ast_coredumper is run; it would source and thereby execute arbitrary bash code found in the /etc/asterisk/ast_debug_tools.conf. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:47:19.611Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3"
}
],
"source": {
"advisory": "GHSA-rvch-3jmx-3jf3",
"discovery": "UNKNOWN"
},
"title": "ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23741",
"datePublished": "2026-02-06T16:47:19.611Z",
"dateReserved": "2026-01-15T15:45:01.958Z",
"dateUpdated": "2026-02-06T17:26:22.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23740 (GCVE-0-2026-23740)
Vulnerability from nvd – Published: 2026-02-06 16:43 – Updated: 2026-02-06 19:11
VLAI?
Title
Asterisk vulnerable to potential privilege escalation
Summary
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission(which is all users on a linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
Severity ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-23740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:11:52.277402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:11:55.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 23.2.2"
},
{
"status": "affected",
"version": "\u003c 22.8.2"
},
{
"status": "affected",
"version": "\u003c 21.12.1"
},
{
"status": "affected",
"version": "\u003c 20.18.2"
},
{
"status": "affected",
"version": "\u003c 20.7-cert9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission(which is all users on a linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:43:52.278Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c"
}
],
"source": {
"advisory": "GHSA-xpc6-x892-v83c",
"discovery": "UNKNOWN"
},
"title": "Asterisk vulnerable to potential privilege escalation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23740",
"datePublished": "2026-02-06T16:43:41.330Z",
"dateReserved": "2026-01-15T15:45:01.958Z",
"dateUpdated": "2026-02-06T19:11:55.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23739 (GCVE-0-2026-23739)
Vulnerability from nvd – Published: 2026-02-06 16:42 – Updated: 2026-02-06 17:37
VLAI?
Title
Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
Summary
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing. Specifically, it invokes xmlReadFile() with the XML_PARSE_NOENT flag and later processes XIncludes via xmlXIncludeProcess().If any untrusted or user-supplied XML file is passed to this function, it can allow an attacker to trigger XML External Entity (XXE) or XInclude-based local file disclosure, potentially exposing sensitive files from the host system. This can also be triggered in other cases in which the user is able to supply input in xml format that triggers the asterisk process to parse it. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
Severity ?
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:36:34.440710Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:37:22.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 23.2.2"
},
{
"status": "affected",
"version": "\u003c 22.8.2"
},
{
"status": "affected",
"version": "\u003c 21.12.1"
},
{
"status": "affected",
"version": "\u003c 20.18.2"
},
{
"status": "affected",
"version": "\u003c 20.7-cert9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing. Specifically, it invokes xmlReadFile() with the XML_PARSE_NOENT flag and later processes XIncludes via xmlXIncludeProcess().If any untrusted or user-supplied XML file is passed to this function, it can allow an attacker to trigger XML External Entity (XXE) or XInclude-based local file disclosure, potentially exposing sensitive files from the host system. This can also be triggered in other cases in which the user is able to supply input in xml format that triggers the asterisk process to parse it. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:42:25.816Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42"
}
],
"source": {
"advisory": "GHSA-85x7-54wr-vh42",
"discovery": "UNKNOWN"
},
"title": "Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23739",
"datePublished": "2026-02-06T16:42:25.816Z",
"dateReserved": "2026-01-15T15:45:01.957Z",
"dateUpdated": "2026-02-06T17:37:22.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23738 (GCVE-0-2026-23738)
Vulnerability from nvd – Published: 2026-02-06 16:41 – Updated: 2026-02-06 17:44
VLAI?
Title
The Asterisk embedded web server 's /httpstatus page echos user supplied values(cookie and query string) without sanitization
Summary
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. The endpoint at GET /httpstatus is the potential vulnerable endpoint relating to asterisk/main /http.c. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23738",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:43:40.418371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:44:20.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 23.2.2"
},
{
"status": "affected",
"version": "\u003c 22.8.2"
},
{
"status": "affected",
"version": "\u003c 21.12.1"
},
{
"status": "affected",
"version": "\u003c 20.18.2"
},
{
"status": "affected",
"version": "\u003c 20.7-cert9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. The endpoint at GET /httpstatus is the potential vulnerable endpoint relating to asterisk/main /http.c. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:41:43.769Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh"
}
],
"source": {
"advisory": "GHSA-v6hp-wh3r-cwxh",
"discovery": "UNKNOWN"
},
"title": "The Asterisk embedded web server \u0027s /httpstatus page echos user supplied values(cookie and query string) without sanitization"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23738",
"datePublished": "2026-02-06T16:41:43.769Z",
"dateReserved": "2026-01-15T15:45:01.957Z",
"dateUpdated": "2026-02-06T17:44:20.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1131 (GCVE-0-2025-1131)
Vulnerability from nvd – Published: 2025-09-23 04:31 – Updated: 2025-11-03 17:31
VLAI?
Title
Asterisk Unsafe Shell Sourcing in safe_asterisk Leads to Local Privilege Escalation
Summary
A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions.
Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.
Severity ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
Credits
Abdul Mhanni
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1131",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T03:55:14.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:31:42.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"safe_asterisk /etc/asterisk/startup.d"
],
"platforms": [
"Linux",
"MacOS"
],
"product": "Asterisk",
"programFiles": [
"safe_asterisk"
],
"repo": "https://github.com/asterisk/asterisk",
"vendor": "Asterisk",
"versions": [
{
"status": "affected",
"version": "Asterisk \u003c=18.26.2",
"versionType": "custom"
},
{
"status": "affected",
"version": "Asterisk \u003c= 20.15.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "Asterisk \u003c= 21.10.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "Asterisk \u003c= 22.5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdul Mhanni"
}
],
"datePublic": "2025-08-01T05:23:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA local privilege escalation vulnerability exists in the \u003ccode\u003esafe_asterisk\u003c/code\u003e script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all \u003ccode\u003e.sh\u003c/code\u003e files located in \u003ccode\u003e/etc/asterisk/startup.d/\u003c/code\u003e \u003cstrong\u003eas root\u003c/strong\u003e, without validating ownership or permissions.\u003c/p\u003e\n\u003cp\u003eNon-root users with legitimate write access to \u003ccode\u003e/etc/asterisk\u003c/code\u003e can exploit this behaviour by placing malicious scripts in the \u003ccode\u003estartup.d\u003c/code\u003e directory, which will then execute with root privileges upon service restart.\u003c/p\u003e"
}
],
"value": "A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions.\n\n\nNon-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/V:C/RE:H/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T04:31:02.784Z",
"orgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
"shortName": "Gridware"
},
"references": [
{
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Asterisk Unsafe Shell Sourcing in safe_asterisk Leads to Local Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
"assignerShortName": "Gridware",
"cveId": "CVE-2025-1131",
"datePublished": "2025-09-23T04:31:02.784Z",
"dateReserved": "2025-02-08T04:11:43.201Z",
"dateUpdated": "2025-11-03T17:31:42.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-57767 (GCVE-0-2025-57767)
Vulnerability from nvd – Published: 2025-08-28 15:33 – Updated: 2025-08-28 17:12
VLAI?
Title
Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request
Summary
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn't being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds.
Severity ?
7.5 (High)
CWE
- CWE-253 - Incorrect Check of Function Return Value
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T17:12:27.086945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T17:12:35.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 22.5.2"
},
{
"status": "affected",
"version": "\u003c 21.10.2"
},
{
"status": "affected",
"version": "\u003c 20.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn\u0027t in a previous 401 response\u0027s WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn\u0027t being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-253",
"description": "CWE-253: Incorrect Check of Function Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T15:33:00.087Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j"
},
{
"name": "https://github.com/asterisk/asterisk/pull/1407",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/pull/1407"
},
{
"name": "https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f"
}
],
"source": {
"advisory": "GHSA-64qc-9x89-rx5j",
"discovery": "UNKNOWN"
},
"title": "Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57767",
"datePublished": "2025-08-28T15:33:00.087Z",
"dateReserved": "2025-08-19T15:16:22.917Z",
"dateUpdated": "2025-08-28T17:12:35.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54995 (GCVE-0-2025-54995)
Vulnerability from nvd – Published: 2025-08-28 15:08 – Updated: 2025-11-03 17:45
VLAI?
Title
Asterisk remotely exploitable leak of RTP UDP ports and internal resources
Summary
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.
Severity ?
6.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54995",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T18:53:35.935192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T18:54:20.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:45:15.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.26.4"
},
{
"status": "affected",
"version": "\u003c 18.9-cert17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T15:08:04.468Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2"
},
{
"name": "https://github.com/asterisk/asterisk/pull/1405",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/pull/1405"
},
{
"name": "https://github.com/asterisk/asterisk/pull/1406",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/pull/1406"
},
{
"name": "https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9"
},
{
"name": "https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d"
}
],
"source": {
"advisory": "GHSA-557q-795j-wfx2",
"discovery": "UNKNOWN"
},
"title": "Asterisk remotely exploitable leak of RTP UDP ports and internal resources"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54995",
"datePublished": "2025-08-28T15:08:04.468Z",
"dateReserved": "2025-08-04T17:34:24.420Z",
"dateUpdated": "2025-11-03T17:45:15.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49832 (GCVE-0-2025-49832)
Vulnerability from nvd – Published: 2025-08-01 17:57 – Updated: 2025-08-01 18:29
VLAI?
Title
Asterisk is Vulnerable to Remote DoS and possible RCE Attacks During Memory Allocation
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk/res/res_stir_shaken /verification.c` that can be exploited when an attacker can set an arbitrary Identity header, or STIR/SHAKEN is enabled, with verification set in the SIP profile associated with the endpoint to be attacked. This is fixed in versions 18.26.3, 20.7-cert6, 20.15.1, 21.10.1 and 22.5.1.
Severity ?
6.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49832",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-01T18:28:56.826749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T18:29:18.330Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.26.3"
},
{
"status": "affected",
"version": "\u003e= 20.00.0, \u003c 20.15.1"
},
{
"status": "affected",
"version": "\u003e= 21.00.0, \u003c 21.10.1"
},
{
"status": "affected",
"version": "\u003e= 22.00.0, \u003c 22.5.1"
},
{
"status": "affected",
"version": "\u003e= 20.7-cert6, \u003c 20.7-cert7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk/res/res_stir_shaken /verification.c` that can be exploited when an attacker can set an arbitrary Identity header, or STIR/SHAKEN is enabled, with verification set in the SIP profile associated with the endpoint to be attacked. This is fixed in versions 18.26.3, 20.7-cert6, 20.15.1, 21.10.1 and 22.5.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T17:57:29.933Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr"
}
],
"source": {
"advisory": "GHSA-mrq5-74j5-f5cr",
"discovery": "UNKNOWN"
},
"title": "Asterisk is Vulnerable to Remote DoS and possible RCE Attacks During Memory Allocation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49832",
"datePublished": "2025-08-01T17:57:29.933Z",
"dateReserved": "2025-06-11T14:33:57.799Z",
"dateUpdated": "2025-08-01T18:29:18.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47780 (GCVE-0-2025-47780)
Vulnerability from nvd – Published: 2025-05-22 16:56 – Updated: 2025-11-03 20:04
VLAI?
Title
cli_permissions.conf: deny option does not work for disallowing shell commands
Summary
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47780",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:24:44.875844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T17:25:09.045Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:04:38.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.9-cert14"
},
{
"status": "affected",
"version": "\u003e= 18.10, \u003c 18.26.2"
},
{
"status": "affected",
"version": "\u003e= 20.0, \u003c 20.7-cert5"
},
{
"status": "affected",
"version": "\u003e= 20.8, \u003c 20.14.1"
},
{
"status": "affected",
"version": "\u003e= 21.0, \u003c 21.9.1"
},
{
"status": "affected",
"version": "\u003e= 22.0, \u003c 22.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T16:56:28.937Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2"
}
],
"source": {
"advisory": "GHSA-c7p6-7mvq-8jq2",
"discovery": "UNKNOWN"
},
"title": "cli_permissions.conf: deny option does not work for disallowing shell commands"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47780",
"datePublished": "2025-05-22T16:56:28.937Z",
"dateReserved": "2025-05-09T19:49:35.620Z",
"dateUpdated": "2025-11-03T20:04:38.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47779 (GCVE-0-2025-47779)
Vulnerability from nvd – Published: 2025-05-22 16:54 – Updated: 2025-11-03 20:04
VLAI?
Title
Using malformed From header can forge identity with ";" or NULL in name portion
Summary
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.
Severity ?
7.7 (High)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47779",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:25:58.891881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T17:26:57.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:04:36.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.9-cert14"
},
{
"status": "affected",
"version": "\u003e= 18.10, \u003c 18.26.2"
},
{
"status": "affected",
"version": "\u003e= 20.0, \u003c 20.7-cert5"
},
{
"status": "affected",
"version": "\u003e= 20.8, \u003c 20.14.1"
},
{
"status": "affected",
"version": "\u003e= 21.0, \u003c 21.9.1"
},
{
"status": "affected",
"version": "\u003e= 22.0, \u003c 22.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-140",
"description": "CWE-140: Improper Neutralization of Delimiters",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-792",
"description": "CWE-792: Incomplete Filtering of One or More Instances of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T16:54:26.314Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample"
}
],
"source": {
"advisory": "GHSA-2grh-7mhv-fcfw",
"discovery": "UNKNOWN"
},
"title": "Using malformed From header can forge identity with \";\" or NULL in name portion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47779",
"datePublished": "2025-05-22T16:54:26.314Z",
"dateReserved": "2025-05-09T19:49:35.620Z",
"dateUpdated": "2025-11-03T20:04:36.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23741 (GCVE-0-2026-23741)
Vulnerability from cvelistv5 – Published: 2026-02-06 16:47 – Updated: 2026-02-06 17:26
VLAI?
Title
ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
Summary
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that is writeable by the asterisk user:group. Due to the /etc/asterisk/ast_debug_tools.conf file following bash semantics and it being loaded; an attacker with write permissions may add or modify the file such that when the root ast_coredumper is run; it would source and thereby execute arbitrary bash code found in the /etc/asterisk/ast_debug_tools.conf. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
Severity ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:22:49.844752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:26:22.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 23.2.2"
},
{
"status": "affected",
"version": "\u003c 22.8.2"
},
{
"status": "affected",
"version": "\u003c 21.12.1"
},
{
"status": "affected",
"version": "\u003c 20.18.2"
},
{
"status": "affected",
"version": "\u003c 20.7-cert9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that is writeable by the asterisk user:group. Due to the /etc/asterisk/ast_debug_tools.conf file following bash semantics and it being loaded; an attacker with write permissions may add or modify the file such that when the root ast_coredumper is run; it would source and thereby execute arbitrary bash code found in the /etc/asterisk/ast_debug_tools.conf. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:47:19.611Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3"
}
],
"source": {
"advisory": "GHSA-rvch-3jmx-3jf3",
"discovery": "UNKNOWN"
},
"title": "ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23741",
"datePublished": "2026-02-06T16:47:19.611Z",
"dateReserved": "2026-01-15T15:45:01.958Z",
"dateUpdated": "2026-02-06T17:26:22.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23740 (GCVE-0-2026-23740)
Vulnerability from cvelistv5 – Published: 2026-02-06 16:43 – Updated: 2026-02-06 19:11
VLAI?
Title
Asterisk vulnerable to potential privilege escalation
Summary
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission(which is all users on a linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
Severity ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-23740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:11:52.277402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:11:55.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 23.2.2"
},
{
"status": "affected",
"version": "\u003c 22.8.2"
},
{
"status": "affected",
"version": "\u003c 21.12.1"
},
{
"status": "affected",
"version": "\u003c 20.18.2"
},
{
"status": "affected",
"version": "\u003c 20.7-cert9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission(which is all users on a linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:43:52.278Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c"
}
],
"source": {
"advisory": "GHSA-xpc6-x892-v83c",
"discovery": "UNKNOWN"
},
"title": "Asterisk vulnerable to potential privilege escalation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23740",
"datePublished": "2026-02-06T16:43:41.330Z",
"dateReserved": "2026-01-15T15:45:01.958Z",
"dateUpdated": "2026-02-06T19:11:55.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23739 (GCVE-0-2026-23739)
Vulnerability from cvelistv5 – Published: 2026-02-06 16:42 – Updated: 2026-02-06 17:37
VLAI?
Title
Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
Summary
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing. Specifically, it invokes xmlReadFile() with the XML_PARSE_NOENT flag and later processes XIncludes via xmlXIncludeProcess().If any untrusted or user-supplied XML file is passed to this function, it can allow an attacker to trigger XML External Entity (XXE) or XInclude-based local file disclosure, potentially exposing sensitive files from the host system. This can also be triggered in other cases in which the user is able to supply input in xml format that triggers the asterisk process to parse it. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
Severity ?
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:36:34.440710Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:37:22.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 23.2.2"
},
{
"status": "affected",
"version": "\u003c 22.8.2"
},
{
"status": "affected",
"version": "\u003c 21.12.1"
},
{
"status": "affected",
"version": "\u003c 20.18.2"
},
{
"status": "affected",
"version": "\u003c 20.7-cert9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing. Specifically, it invokes xmlReadFile() with the XML_PARSE_NOENT flag and later processes XIncludes via xmlXIncludeProcess().If any untrusted or user-supplied XML file is passed to this function, it can allow an attacker to trigger XML External Entity (XXE) or XInclude-based local file disclosure, potentially exposing sensitive files from the host system. This can also be triggered in other cases in which the user is able to supply input in xml format that triggers the asterisk process to parse it. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:42:25.816Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42"
}
],
"source": {
"advisory": "GHSA-85x7-54wr-vh42",
"discovery": "UNKNOWN"
},
"title": "Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23739",
"datePublished": "2026-02-06T16:42:25.816Z",
"dateReserved": "2026-01-15T15:45:01.957Z",
"dateUpdated": "2026-02-06T17:37:22.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23738 (GCVE-0-2026-23738)
Vulnerability from cvelistv5 – Published: 2026-02-06 16:41 – Updated: 2026-02-06 17:44
VLAI?
Title
The Asterisk embedded web server 's /httpstatus page echos user supplied values(cookie and query string) without sanitization
Summary
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. The endpoint at GET /httpstatus is the potential vulnerable endpoint relating to asterisk/main /http.c. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23738",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:43:40.418371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:44:20.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 23.2.2"
},
{
"status": "affected",
"version": "\u003c 22.8.2"
},
{
"status": "affected",
"version": "\u003c 21.12.1"
},
{
"status": "affected",
"version": "\u003c 20.18.2"
},
{
"status": "affected",
"version": "\u003c 20.7-cert9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. The endpoint at GET /httpstatus is the potential vulnerable endpoint relating to asterisk/main /http.c. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:41:43.769Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh"
}
],
"source": {
"advisory": "GHSA-v6hp-wh3r-cwxh",
"discovery": "UNKNOWN"
},
"title": "The Asterisk embedded web server \u0027s /httpstatus page echos user supplied values(cookie and query string) without sanitization"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23738",
"datePublished": "2026-02-06T16:41:43.769Z",
"dateReserved": "2026-01-15T15:45:01.957Z",
"dateUpdated": "2026-02-06T17:44:20.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1131 (GCVE-0-2025-1131)
Vulnerability from cvelistv5 – Published: 2025-09-23 04:31 – Updated: 2025-11-03 17:31
VLAI?
Title
Asterisk Unsafe Shell Sourcing in safe_asterisk Leads to Local Privilege Escalation
Summary
A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions.
Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.
Severity ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
Credits
Abdul Mhanni
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1131",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T03:55:14.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:31:42.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"safe_asterisk /etc/asterisk/startup.d"
],
"platforms": [
"Linux",
"MacOS"
],
"product": "Asterisk",
"programFiles": [
"safe_asterisk"
],
"repo": "https://github.com/asterisk/asterisk",
"vendor": "Asterisk",
"versions": [
{
"status": "affected",
"version": "Asterisk \u003c=18.26.2",
"versionType": "custom"
},
{
"status": "affected",
"version": "Asterisk \u003c= 20.15.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "Asterisk \u003c= 21.10.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "Asterisk \u003c= 22.5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdul Mhanni"
}
],
"datePublic": "2025-08-01T05:23:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA local privilege escalation vulnerability exists in the \u003ccode\u003esafe_asterisk\u003c/code\u003e script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all \u003ccode\u003e.sh\u003c/code\u003e files located in \u003ccode\u003e/etc/asterisk/startup.d/\u003c/code\u003e \u003cstrong\u003eas root\u003c/strong\u003e, without validating ownership or permissions.\u003c/p\u003e\n\u003cp\u003eNon-root users with legitimate write access to \u003ccode\u003e/etc/asterisk\u003c/code\u003e can exploit this behaviour by placing malicious scripts in the \u003ccode\u003estartup.d\u003c/code\u003e directory, which will then execute with root privileges upon service restart.\u003c/p\u003e"
}
],
"value": "A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions.\n\n\nNon-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/V:C/RE:H/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T04:31:02.784Z",
"orgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
"shortName": "Gridware"
},
"references": [
{
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Asterisk Unsafe Shell Sourcing in safe_asterisk Leads to Local Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
"assignerShortName": "Gridware",
"cveId": "CVE-2025-1131",
"datePublished": "2025-09-23T04:31:02.784Z",
"dateReserved": "2025-02-08T04:11:43.201Z",
"dateUpdated": "2025-11-03T17:31:42.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-57767 (GCVE-0-2025-57767)
Vulnerability from cvelistv5 – Published: 2025-08-28 15:33 – Updated: 2025-08-28 17:12
VLAI?
Title
Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request
Summary
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn't being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds.
Severity ?
7.5 (High)
CWE
- CWE-253 - Incorrect Check of Function Return Value
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T17:12:27.086945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T17:12:35.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 22.5.2"
},
{
"status": "affected",
"version": "\u003c 21.10.2"
},
{
"status": "affected",
"version": "\u003c 20.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn\u0027t in a previous 401 response\u0027s WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn\u0027t being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-253",
"description": "CWE-253: Incorrect Check of Function Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T15:33:00.087Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j"
},
{
"name": "https://github.com/asterisk/asterisk/pull/1407",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/pull/1407"
},
{
"name": "https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f"
}
],
"source": {
"advisory": "GHSA-64qc-9x89-rx5j",
"discovery": "UNKNOWN"
},
"title": "Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57767",
"datePublished": "2025-08-28T15:33:00.087Z",
"dateReserved": "2025-08-19T15:16:22.917Z",
"dateUpdated": "2025-08-28T17:12:35.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54995 (GCVE-0-2025-54995)
Vulnerability from cvelistv5 – Published: 2025-08-28 15:08 – Updated: 2025-11-03 17:45
VLAI?
Title
Asterisk remotely exploitable leak of RTP UDP ports and internal resources
Summary
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.
Severity ?
6.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54995",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T18:53:35.935192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T18:54:20.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:45:15.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.26.4"
},
{
"status": "affected",
"version": "\u003c 18.9-cert17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T15:08:04.468Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2"
},
{
"name": "https://github.com/asterisk/asterisk/pull/1405",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/pull/1405"
},
{
"name": "https://github.com/asterisk/asterisk/pull/1406",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/pull/1406"
},
{
"name": "https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9"
},
{
"name": "https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d"
}
],
"source": {
"advisory": "GHSA-557q-795j-wfx2",
"discovery": "UNKNOWN"
},
"title": "Asterisk remotely exploitable leak of RTP UDP ports and internal resources"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54995",
"datePublished": "2025-08-28T15:08:04.468Z",
"dateReserved": "2025-08-04T17:34:24.420Z",
"dateUpdated": "2025-11-03T17:45:15.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49832 (GCVE-0-2025-49832)
Vulnerability from cvelistv5 – Published: 2025-08-01 17:57 – Updated: 2025-08-01 18:29
VLAI?
Title
Asterisk is Vulnerable to Remote DoS and possible RCE Attacks During Memory Allocation
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk/res/res_stir_shaken /verification.c` that can be exploited when an attacker can set an arbitrary Identity header, or STIR/SHAKEN is enabled, with verification set in the SIP profile associated with the endpoint to be attacked. This is fixed in versions 18.26.3, 20.7-cert6, 20.15.1, 21.10.1 and 22.5.1.
Severity ?
6.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49832",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-01T18:28:56.826749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T18:29:18.330Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.26.3"
},
{
"status": "affected",
"version": "\u003e= 20.00.0, \u003c 20.15.1"
},
{
"status": "affected",
"version": "\u003e= 21.00.0, \u003c 21.10.1"
},
{
"status": "affected",
"version": "\u003e= 22.00.0, \u003c 22.5.1"
},
{
"status": "affected",
"version": "\u003e= 20.7-cert6, \u003c 20.7-cert7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk/res/res_stir_shaken /verification.c` that can be exploited when an attacker can set an arbitrary Identity header, or STIR/SHAKEN is enabled, with verification set in the SIP profile associated with the endpoint to be attacked. This is fixed in versions 18.26.3, 20.7-cert6, 20.15.1, 21.10.1 and 22.5.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T17:57:29.933Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr"
}
],
"source": {
"advisory": "GHSA-mrq5-74j5-f5cr",
"discovery": "UNKNOWN"
},
"title": "Asterisk is Vulnerable to Remote DoS and possible RCE Attacks During Memory Allocation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49832",
"datePublished": "2025-08-01T17:57:29.933Z",
"dateReserved": "2025-06-11T14:33:57.799Z",
"dateUpdated": "2025-08-01T18:29:18.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202509-3117
Vulnerability from variot - Updated: 2025-11-18 15:36A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions.
Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202509-3117",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "20.0.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "21.10.1"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.26.3"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "22.5.1"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "20.7"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "22.0.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "20.15.1"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "21.0.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-1131"
}
]
},
"cve": "CVE-2025-1131",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-1131",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2025-1131",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
"id": "CVE-2025-1131",
"trust": 1.0,
"value": "High"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-1131"
},
{
"db": "NVD",
"id": "CVE-2025-1131"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions.\n\n\nNon-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-1131"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-1131",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-1131"
}
]
},
"id": "VAR-202509-3117",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.348297215
},
"last_update_date": "2025-11-18T15:36:47.081000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-1131"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-v9q8-9j8m-5xwp"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-1131"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-1131"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-23T05:15:35.603000",
"db": "NVD",
"id": "CVE-2025-1131"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-11-03T18:15:48.883000",
"db": "NVD",
"id": "CVE-2025-1131"
}
]
}
}
VAR-202508-3607
Vulnerability from variot - Updated: 2025-11-18 15:32Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202508-3607",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.26.4"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
},
{
"model": "certified asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-54995"
}
]
},
"cve": "CVE-2025-54995",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2025-54995",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "security-advisories@github.com",
"id": "CVE-2025-54995",
"trust": 1.0,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-54995"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-54995"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-54995",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-54995"
}
]
},
"id": "VAR-202508-3607",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.348297215
},
"last_update_date": "2025-11-18T15:32:26.481000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "CWE-1286",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-54995"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d"
},
{
"trust": 1.0,
"url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-557q-795j-wfx2"
},
{
"trust": 1.0,
"url": "https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9"
},
{
"trust": 1.0,
"url": "https://github.com/asterisk/asterisk/pull/1405"
},
{
"trust": 1.0,
"url": "https://github.com/asterisk/asterisk/pull/1406"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-54995"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-54995"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-28T15:16:02.500000",
"db": "NVD",
"id": "CVE-2025-54995"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-11-03T18:17:00.357000",
"db": "NVD",
"id": "CVE-2025-54995"
}
]
}
}
VAR-202505-4134
Vulnerability from variot - Updated: 2025-11-18 15:24Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring cli_permissions.conf (e.g. with the config line deny=!*) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the cli_permissions.conf file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue. Sangoma of Asterisk and certified asterisk for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202505-4134",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "20.7"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "20.0.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.26.2"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "21.0.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "21.9.1"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "20.14.1"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "22.4.1"
},
{
"model": "certified asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "22.0.0"
},
{
"model": "asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
},
{
"model": "certified asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-013018"
},
{
"db": "NVD",
"id": "CVE-2025-47780"
}
]
},
"cve": "CVE-2025-47780",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-47780",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2025-47780",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2025-47780",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2025-47780",
"trust": 1.0,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2025-47780",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-013018"
},
{
"db": "NVD",
"id": "CVE-2025-47780"
},
{
"db": "NVD",
"id": "CVE-2025-47780"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue. Sangoma of Asterisk and certified asterisk for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-47780"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-013018"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-47780",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2025-013018",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-013018"
},
{
"db": "NVD",
"id": "CVE-2025-47780"
}
]
},
"id": "VAR-202505-4134",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.348297215
},
"last_update_date": "2025-11-18T15:24:31.938000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-013018"
},
{
"db": "NVD",
"id": "CVE-2025-47780"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-c7p6-7mvq-8jq2"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00003.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-47780"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-013018"
},
{
"db": "NVD",
"id": "CVE-2025-47780"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-013018"
},
{
"db": "NVD",
"id": "CVE-2025-47780"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-013018"
},
{
"date": "2025-05-22T17:15:24.890000",
"db": "NVD",
"id": "CVE-2025-47780"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-05T05:22:00",
"db": "JVNDB",
"id": "JVNDB-2025-013018"
},
{
"date": "2025-11-03T20:19:05.740000",
"db": "NVD",
"id": "CVE-2025-47780"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sangoma\u00a0 of \u00a0Asterisk\u00a0 and \u00a0certified\u00a0asterisk\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-013018"
}
],
"trust": 0.8
}
}
VAR-202409-2372
Vulnerability from variot - Updated: 2025-11-18 15:23Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with .1 or [.1], and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting noload = res_resolver_unbound.so in modules.conf, or set rewrite_contact = yes on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations. Sangoma of Asterisk and certified asterisk vulnerabilities related to unchecked return values, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202409-2372",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "20.9.3"
},
{
"model": "certified asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 1.0,
"vendor": "sangoma",
"version": "21.4.3"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "20.7"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "20.0.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "21.0.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.24.3"
},
{
"model": "certified asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
},
{
"model": "asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027471"
},
{
"db": "NVD",
"id": "CVE-2024-42491"
}
]
},
"cve": "CVE-2024-42491",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.1,
"id": "CVE-2024-42491",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 5.7,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2024-027471",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "security-advisories@github.com",
"id": "CVE-2024-42491",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2024-027471",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027471"
},
{
"db": "NVD",
"id": "CVE-2024-42491"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations. Sangoma of Asterisk and certified asterisk vulnerabilities related to unchecked return values, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-42491"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-027471"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-42491",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-027471",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027471"
},
{
"db": "NVD",
"id": "CVE-2024-42491"
}
]
},
"id": "VAR-202409-2372",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.348297215
},
"last_update_date": "2025-11-18T15:23:54.797000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "CWE-252",
"trust": 1.0
},
{
"problemtype": "Unchecked return value (CWE-252) [ others ]",
"trust": 0.8
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027471"
},
{
"db": "NVD",
"id": "CVE-2024-42491"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-v428-g3cw-7hv9"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00016.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-42491"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027471"
},
{
"db": "NVD",
"id": "CVE-2024-42491"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027471"
},
{
"db": "NVD",
"id": "CVE-2024-42491"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-027471"
},
{
"date": "2024-09-05T18:15:05.707000",
"db": "NVD",
"id": "CVE-2024-42491"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-27T02:45:00",
"db": "JVNDB",
"id": "JVNDB-2024-027471"
},
{
"date": "2025-11-03T22:18:06.950000",
"db": "NVD",
"id": "CVE-2024-42491"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sangoma\u00a0 of \u00a0Asterisk\u00a0 and \u00a0certified\u00a0asterisk\u00a0 Vulnerability regarding unchecked return value in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027471"
}
],
"trust": 0.8
}
}
VAR-202502-0753
Vulnerability from variot - Updated: 2025-11-18 15:23Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory (aka directory traversal) and the attack can only be performed by a privileged user who has the ability to manage the configuration. Sangoma of Asterisk Contains a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202502-0753",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "lte",
"trust": 1.0,
"vendor": "sangoma",
"version": "22.5.1"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "22.0.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "sangoma",
"version": null
},
{
"model": "asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "sangoma",
"version": "22.0.0 to 22.5.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-014069"
},
{
"db": "NVD",
"id": "CVE-2024-57520"
}
]
},
"cve": "CVE-2024-57520",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-57520",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-014069",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-57520",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2025-014069",
"trust": 0.8,
"value": "Critical"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-014069"
},
{
"db": "NVD",
"id": "CVE-2024-57520"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory (aka directory traversal) and the attack can only be performed by a privileged user who has the ability to manage the configuration. Sangoma of Asterisk Contains a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-57520"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-014069"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-57520",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2025-014069",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-014069"
},
{
"db": "NVD",
"id": "CVE-2024-57520"
}
]
},
"id": "VAR-202502-0753",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19659443
},
"last_update_date": "2025-11-18T15:23:53.107000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.0
},
{
"problemtype": "Improper permission assignment for critical resources (CWE-732) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-014069"
},
{
"db": "NVD",
"id": "CVE-2024-57520"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://gist.github.com/hyp164d1/ae76ab25acfbe263b2ed7b24b6e5c621"
},
{
"trust": 1.0,
"url": "https://github.com/asterisk/asterisk/issues/1122"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-57520"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-014069"
},
{
"db": "NVD",
"id": "CVE-2024-57520"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-014069"
},
{
"db": "NVD",
"id": "CVE-2024-57520"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-014069"
},
{
"date": "2025-02-05T22:15:32.923000",
"db": "NVD",
"id": "CVE-2024-57520"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-18T08:39:00",
"db": "JVNDB",
"id": "JVNDB-2025-014069"
},
{
"date": "2025-11-06T13:15:35.177000",
"db": "NVD",
"id": "CVE-2024-57520"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sangoma\u00a0 of \u00a0Asterisk\u00a0 Vulnerability in improper permission assignment for critical resources in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-014069"
}
],
"trust": 0.8
}
}
VAR-202505-3022
Vulnerability from variot - Updated: 2025-11-18 15:19Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue. Sangoma of Asterisk and certified asterisk vulnerabilities related to improper sanitization of delimiters, special element 1 There is a filtering vulnerability in at least one instance.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202505-3022",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "20.7"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "20.0.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.26.2"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "21.0.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "21.9.1"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "20.14.1"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "22.4.1"
},
{
"model": "certified asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "22.0.0"
},
{
"model": "asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
},
{
"model": "certified asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-013053"
},
{
"db": "NVD",
"id": "CVE-2025-47779"
}
]
},
"cve": "CVE-2025-47779",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"id": "CVE-2025-47779",
"impactScore": 4.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2025-47779",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2025-47779",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "security-advisories@github.com",
"id": "CVE-2025-47779",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2025-47779",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2025-47779",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-013053"
},
{
"db": "NVD",
"id": "CVE-2025-47779"
},
{
"db": "NVD",
"id": "CVE-2025-47779"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue. Sangoma of Asterisk and certified asterisk vulnerabilities related to improper sanitization of delimiters, special element 1 There is a filtering vulnerability in at least one instance.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-47779"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-013053"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-47779",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2025-013053",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-013053"
},
{
"db": "NVD",
"id": "CVE-2025-47779"
}
]
},
"id": "VAR-202505-3022",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.348297215
},
"last_update_date": "2025-11-18T15:19:28.517000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-792",
"trust": 1.0
},
{
"problemtype": "CWE-140",
"trust": 1.0
},
{
"problemtype": "Improper sanitization of delimiters (CWE-140) [ others ]",
"trust": 0.8
},
{
"problemtype": " Special elements 1 Incomplete filtering for more than one instance (CWE-792) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-013053"
},
{
"db": "NVD",
"id": "CVE-2025-47779"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-2grh-7mhv-fcfw"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00003.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-47779"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-013053"
},
{
"db": "NVD",
"id": "CVE-2025-47779"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-013053"
},
{
"db": "NVD",
"id": "CVE-2025-47779"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-013053"
},
{
"date": "2025-05-22T17:15:24.730000",
"db": "NVD",
"id": "CVE-2025-47779"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-05T06:31:00",
"db": "JVNDB",
"id": "JVNDB-2025-013053"
},
{
"date": "2025-11-03T20:19:05.613000",
"db": "NVD",
"id": "CVE-2025-47779"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sangoma\u00a0 of \u00a0Asterisk\u00a0 and \u00a0certified\u00a0asterisk\u00a0 Vulnerability related to improper sanitization of delimiters in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-013053"
}
],
"trust": 0.8
}
}
VAR-202112-2083
Vulnerability from variot - Updated: 2025-11-18 14:43PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds. PJSIP Exists in an integer underflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-6422-2 October 24, 2023
ring vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
Summary:
Several security issues were fixed in Ring.
Software Description: - ring: Secure and distributed voice, video, and chat platform
Details:
It was discovered that Ring incorrectly handled certain inputs. (CVE-2021-37706)
It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-27585)
Original advisory details:
It was discovered that Ring incorrectly handled certain inputs. (CVE-2021-37706)
It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302, CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723, CVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754, CVE-2022-24763, CVE-2022-24764, CVE-2022-24793, CVE-2022-31031, CVE-2022-39244)
It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-21722)
It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-27585)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: jami 20230206.0~ds2-1.3ubuntu0.1 jami-daemon 20230206.0~ds2-1.3ubuntu0.1
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6422-2 https://ubuntu.com/security/notices/USN-6422-1 CVE-2021-37706, CVE-2023-27585
Package Information: https://launchpad.net/ubuntu/+source/ring/20230206.0~ds2-1.3ubuntu0.1
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-37
https://security.gentoo.org/
Severity: Normal Title: PJSIP: Multiple Vulnerabilities Date: October 31, 2022 Bugs: #803614, #829894, #875863 ID: 202210-37
Synopsis
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/pjproject < 2.12.1 >= 2.12.1
Description
Multiple vulnerabilities have been discovered in PJSIP. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Resolution
All PJSIP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/pjproject-2.12.1"
References
[ 1 ] CVE-2021-32686 https://nvd.nist.gov/vuln/detail/CVE-2021-32686 [ 2 ] CVE-2021-37706 https://nvd.nist.gov/vuln/detail/CVE-2021-37706 [ 3 ] CVE-2021-41141 https://nvd.nist.gov/vuln/detail/CVE-2021-41141 [ 4 ] CVE-2021-43804 https://nvd.nist.gov/vuln/detail/CVE-2021-43804 [ 5 ] CVE-2021-43845 https://nvd.nist.gov/vuln/detail/CVE-2021-43845 [ 6 ] CVE-2022-21722 https://nvd.nist.gov/vuln/detail/CVE-2022-21722 [ 7 ] CVE-2022-21723 https://nvd.nist.gov/vuln/detail/CVE-2022-21723 [ 8 ] CVE-2022-23608 https://nvd.nist.gov/vuln/detail/CVE-2022-23608 [ 9 ] CVE-2022-24754 https://nvd.nist.gov/vuln/detail/CVE-2022-24754 [ 10 ] CVE-2022-24763 https://nvd.nist.gov/vuln/detail/CVE-2022-24763 [ 11 ] CVE-2022-24764 https://nvd.nist.gov/vuln/detail/CVE-2022-24764 [ 12 ] CVE-2022-24786 https://nvd.nist.gov/vuln/detail/CVE-2022-24786 [ 13 ] CVE-2022-24792 https://nvd.nist.gov/vuln/detail/CVE-2022-24792 [ 14 ] CVE-2022-24793 https://nvd.nist.gov/vuln/detail/CVE-2022-24793 [ 15 ] CVE-2022-31031 https://nvd.nist.gov/vuln/detail/CVE-2022-31031 [ 16 ] CVE-2022-39244 https://nvd.nist.gov/vuln/detail/CVE-2022-39244 [ 17 ] CVE-2022-39269 https://nvd.nist.gov/vuln/detail/CVE-2022-39269
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202210-37
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5285-1 security@debian.org https://www.debian.org/security/ Markus Koschany November 17, 2022 https://www.debian.org/security/faq
Package : asterisk CVE ID : CVE-2021-37706 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2021-46837 CVE-2022-21722 CVE-2022-21723 CVE-2022-23608 CVE-2022-24763 CVE-2022-24764 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 CVE-2022-26498 CVE-2022-26499 CVE-2022-26651 Debian Bug : 1014998 1018073 1014976
Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.
Special care should be taken when upgrading to this new upstream release. Some configuration files and options have changed in order to remedy certain security vulnerabilities. Most notably the pjsip TLS listener only accepts TLSv1.3 connections in the default configuration now. This can be reverted by adding method=tlsv1_2 to the transport in pjsip.conf. See also https://issues.asterisk.org/jira/browse/ASTERISK-29017.
For the stable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u1.
We recommend that you upgrade your asterisk packages.
For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmN2qoFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeR0pQ/+Kr+FWFeFyrkFTyVv5BGBJug+EvZzzC2JZoI/TNsiAWQi/BZTQJ0pmdZr EHokqN7Z35EqZW6sj5aypdK7bOv4N+uv6P59xROk1KjEEG6XttGJ2BUvffWYWEXo k6+ou/yfAxU72Ufd1eOcMtjyGeN0CljmemIJ5Cywpnaw8YArP+VzRK2NEth0gCmJ TAfSvIPFaS7jB6fEg8KESOpmvtlqEJUh5sjP2t+OOEc3AoNBBuj4ZC44SQ1nif6k jEbmLFnJYQF8dP+IasZ3SY80N+BeuGiylZQ6w1ZvuYuUAK3jhHQ3CJvTQ4sEqNQV Zva6t0kHOEKVxKg412oEpQ0ihR+EBF/lnECu7iR2HTKk8xteNwio5qeeW/joTAJx OTYlHTtERTZIiaHdmV3nmGYgrTLeDHClilCnJrQuyXF+LVHjxBWDh7WS83zSrdIH gNP0eZ5UEjrpomf1yKqHVUsji63eSWACdFVXJLACMwpuevq8qgV6zASD+VuUd36r foEOKVj+FIHehWSef9pP48Na8bOn0EDVqtZEPOjE6o8Y8PjgSf7BSNogppZncldw VREox9NsxGM9hSVh3lVBWL8lT76HQVzXjfXXXoIEFDiGokNRV/dNTuhhb/mh0zxr VTKBboC6ijQVCdVQ7UdGFnoVXOWW2gy8sdam40ELBUCGDD5XI7A\xeajm -----END PGP SIGNATURE----- . Asterisk Project Security Advisory - AST-2022-004
Product Asterisk
Summary pjproject: possible integer underflow on STUN
message
Nature of Advisory Arbitrary code execution
Susceptibility Remote unauthenticated sessions
Severity Major
Exploits Known Yes
Reported On March 3, 2022
Reported By Sauw Ming
Posted On March 4, 2022
Last Updated On March 3, 2022
Advisory Contact kharwell AT sangoma DOT com
CVE Name CVE-2021-37706
Description The header length on incoming STUN messages that
contain an ERROR-CODE attribute is not properly
checked. This can result in an integer underflow.
Note, this requires ICE or WebRTC support to be in use
with a malicious remote party.
Modules Affected bundled pjproject
Resolution If you use “with-pjproject-bundled” then upgrade to, or
install one of, the versions of Asterisk listed below.
Otherwise install the appropriate version of pjproject that
contains the patch.
Affected Versions
Product Release Series
Asterisk Open Source 16.x All versions
Asterisk Open Source 18.x All versions
Asterisk Open Source 19.x All versions
Certified Asterisk 16.x All versions
Corrected In
Product Release
Asterisk Open Source 16.24.1,18.10.1,19.2.1
Certified Asterisk 16.8-cert13
Patches
Patch URL Revision
https://downloads.digium.com/pub/security/AST-2022-004-16.diff Asterisk
16
https://downloads.digium.com/pub/security/AST-2022-004-18.diff Asterisk
18
https://downloads.digium.com/pub/security/AST-2022-004-19.diff Asterisk
19
https://downloads.digium.com/pub/security/AST-2022-004-16.8.diff Certified
Asterisk
16.8
Links https://issues.asterisk.org/jira/browse/ASTERISK-29945
https://downloads.asterisk.org/pub/security/AST-2022-004.html
https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
https://downloads.digium.com/pub/security/AST-2022-004.pdf and
https://downloads.digium.com/pub/security/AST-2022-004.html
Revision History
Date Editor Revisions Made
March 3, 2022 Kevin Harwell Initial revision
Asterisk Project Security Advisory - AST-2022-004
Copyright © 2022 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2083",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "16.24.1"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.0.0"
},
{
"model": "pjsip",
"scope": "lte",
"trust": 1.0,
"vendor": "teluu",
"version": "2.11.1"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.10.1"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "19.2.1"
},
{
"model": "certified asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "asterisk",
"version": "16.8.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "19.0.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "16.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "16.8.0"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
},
{
"model": "certified asterisk",
"scope": null,
"trust": 0.8,
"vendor": "asterisk",
"version": null
},
{
"model": "pjsip",
"scope": null,
"trust": 0.8,
"vendor": "teluu",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016401"
},
{
"db": "NVD",
"id": "CVE-2021-37706"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "175315"
},
{
"db": "PACKETSTORM",
"id": "175025"
}
],
"trust": 0.2
},
"cve": "CVE-2021-37706",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-37706",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-37706",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2021-37706",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-37706",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-37706",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2021-37706",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-37706",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2179",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-37706",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-37706"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2179"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016401"
},
{
"db": "NVD",
"id": "CVE-2021-37706"
},
{
"db": "NVD",
"id": "CVE-2021-37706"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim\u2019s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim\u2019s machine. Users are advised to upgrade as soon as possible. There are no known workarounds. PJSIP Exists in an integer underflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-6422-2\nOctober 24, 2023\n\nring vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n\nSummary:\n\nSeveral security issues were fixed in Ring. \n\nSoftware Description:\n- ring: Secure and distributed voice, video, and chat platform\n\nDetails:\n\nIt was discovered that Ring incorrectly handled certain inputs. \n(CVE-2021-37706)\n\nIt was discovered that Ring incorrectly handled certain inputs. If a user or\nan automated system were tricked into opening a specially crafted input file,\na remote attacker could possibly use this issue to cause a denial of service. \n(CVE-2023-27585)\n\n\nOriginal advisory details:\n\n\n It was discovered that Ring incorrectly handled certain inputs. \n (CVE-2021-37706)\n\n It was discovered that Ring incorrectly handled certain inputs. If a user or\n an automated system were tricked into opening a specially crafted input file,\n a remote attacker could possibly use this issue to cause a denial of service. \n This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n (CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302,\n CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723,\n CVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754,\n CVE-2022-24763, CVE-2022-24764, CVE-2022-24793, CVE-2022-31031,\n CVE-2022-39244)\n\n It was discovered that Ring incorrectly handled certain inputs. If a user or\n an automated system were tricked into opening a specially crafted input file,\n a remote attacker could possibly use this issue to cause a denial of service. \n This issue only affected Ubuntu 20.04 LTS. (CVE-2022-21722)\n\n It was discovered that Ring incorrectly handled certain inputs. If a user or\n an automated system were tricked into opening a specially crafted input file,\n a remote attacker could possibly use this issue to cause a denial of service. \n (CVE-2023-27585)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n jami 20230206.0~ds2-1.3ubuntu0.1\n jami-daemon 20230206.0~ds2-1.3ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-6422-2\n https://ubuntu.com/security/notices/USN-6422-1\n CVE-2021-37706, CVE-2023-27585\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/ring/20230206.0~ds2-1.3ubuntu0.1\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202210-37\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: PJSIP: Multiple Vulnerabilities\n Date: October 31, 2022\n Bugs: #803614, #829894, #875863\n ID: 202210-37\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in PJSIP, the worst of which\ncould result in arbitrary code execution. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/pjproject \u003c 2.12.1 \u003e= 2.12.1\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in PJSIP. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nResolution\n=========\nAll PJSIP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/pjproject-2.12.1\"\n\nReferences\n=========\n[ 1 ] CVE-2021-32686\n https://nvd.nist.gov/vuln/detail/CVE-2021-32686\n[ 2 ] CVE-2021-37706\n https://nvd.nist.gov/vuln/detail/CVE-2021-37706\n[ 3 ] CVE-2021-41141\n https://nvd.nist.gov/vuln/detail/CVE-2021-41141\n[ 4 ] CVE-2021-43804\n https://nvd.nist.gov/vuln/detail/CVE-2021-43804\n[ 5 ] CVE-2021-43845\n https://nvd.nist.gov/vuln/detail/CVE-2021-43845\n[ 6 ] CVE-2022-21722\n https://nvd.nist.gov/vuln/detail/CVE-2022-21722\n[ 7 ] CVE-2022-21723\n https://nvd.nist.gov/vuln/detail/CVE-2022-21723\n[ 8 ] CVE-2022-23608\n https://nvd.nist.gov/vuln/detail/CVE-2022-23608\n[ 9 ] CVE-2022-24754\n https://nvd.nist.gov/vuln/detail/CVE-2022-24754\n[ 10 ] CVE-2022-24763\n https://nvd.nist.gov/vuln/detail/CVE-2022-24763\n[ 11 ] CVE-2022-24764\n https://nvd.nist.gov/vuln/detail/CVE-2022-24764\n[ 12 ] CVE-2022-24786\n https://nvd.nist.gov/vuln/detail/CVE-2022-24786\n[ 13 ] CVE-2022-24792\n https://nvd.nist.gov/vuln/detail/CVE-2022-24792\n[ 14 ] CVE-2022-24793\n https://nvd.nist.gov/vuln/detail/CVE-2022-24793\n[ 15 ] CVE-2022-31031\n https://nvd.nist.gov/vuln/detail/CVE-2022-31031\n[ 16 ] CVE-2022-39244\n https://nvd.nist.gov/vuln/detail/CVE-2022-39244\n[ 17 ] CVE-2022-39269\n https://nvd.nist.gov/vuln/detail/CVE-2022-39269\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202210-37\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5285-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nNovember 17, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : asterisk\nCVE ID : CVE-2021-37706 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301\n CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845\n CVE-2021-46837 CVE-2022-21722 CVE-2022-21723 CVE-2022-23608\n CVE-2022-24763 CVE-2022-24764 CVE-2022-24786 CVE-2022-24792\n CVE-2022-24793 CVE-2022-26498 CVE-2022-26499 CVE-2022-26651\nDebian Bug : 1014998 1018073 1014976\n\nMultiple security vulnerabilities have been found in Asterisk, an Open Source\nPrivate Branch Exchange. Buffer overflows and other programming errors could be\nexploited for information disclosure or the execution of arbitrary code. \n\nSpecial care should be taken when upgrading to this new upstream release. \nSome configuration files and options have changed in order to remedy\ncertain security vulnerabilities. Most notably the pjsip TLS listener only\naccepts TLSv1.3 connections in the default configuration now. This can be\nreverted by adding method=tlsv1_2 to the transport in pjsip.conf. See also\nhttps://issues.asterisk.org/jira/browse/ASTERISK-29017. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1:16.28.0~dfsg-0+deb11u1. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmN2qoFfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeR0pQ/+Kr+FWFeFyrkFTyVv5BGBJug+EvZzzC2JZoI/TNsiAWQi/BZTQJ0pmdZr\nEHokqN7Z35EqZW6sj5aypdK7bOv4N+uv6P59xROk1KjEEG6XttGJ2BUvffWYWEXo\nk6+ou/yfAxU72Ufd1eOcMtjyGeN0CljmemIJ5Cywpnaw8YArP+VzRK2NEth0gCmJ\nTAfSvIPFaS7jB6fEg8KESOpmvtlqEJUh5sjP2t+OOEc3AoNBBuj4ZC44SQ1nif6k\njEbmLFnJYQF8dP+IasZ3SY80N+BeuGiylZQ6w1ZvuYuUAK3jhHQ3CJvTQ4sEqNQV\nZva6t0kHOEKVxKg412oEpQ0ihR+EBF/lnECu7iR2HTKk8xteNwio5qeeW/joTAJx\nOTYlHTtERTZIiaHdmV3nmGYgrTLeDHClilCnJrQuyXF+LVHjxBWDh7WS83zSrdIH\ngNP0eZ5UEjrpomf1yKqHVUsji63eSWACdFVXJLACMwpuevq8qgV6zASD+VuUd36r\nfoEOKVj+FIHehWSef9pP48Na8bOn0EDVqtZEPOjE6o8Y8PjgSf7BSNogppZncldw\nVREox9NsxGM9hSVh3lVBWL8lT76HQVzXjfXXXoIEFDiGokNRV/dNTuhhb/mh0zxr\nVTKBboC6ijQVCdVQ7UdGFnoVXOWW2gy8sdam40ELBUCGDD5XI7A\\xeajm\n-----END PGP SIGNATURE-----\n. Asterisk Project Security Advisory - AST-2022-004\n\n Product Asterisk \n Summary pjproject: possible integer underflow on STUN \n message \n Nature of Advisory Arbitrary code execution \n Susceptibility Remote unauthenticated sessions \n Severity Major \n Exploits Known Yes \n Reported On March 3, 2022 \n Reported By Sauw Ming \n Posted On March 4, 2022 \n Last Updated On March 3, 2022 \n Advisory Contact kharwell AT sangoma DOT com \n CVE Name CVE-2021-37706 \n\n Description The header length on incoming STUN messages that \n contain an ERROR-CODE attribute is not properly \n checked. This can result in an integer underflow. \n Note, this requires ICE or WebRTC support to be in use \n with a malicious remote party. \n Modules Affected bundled pjproject \n\n Resolution If you use \u201cwith-pjproject-bundled\u201d then upgrade to, or \n install one of, the versions of Asterisk listed below. \n Otherwise install the appropriate version of pjproject that \n contains the patch. \n\n Affected Versions\n Product Release Series \n Asterisk Open Source 16.x All versions \n Asterisk Open Source 18.x All versions \n Asterisk Open Source 19.x All versions \n Certified Asterisk 16.x All versions \n\n Corrected In\n Product Release \n Asterisk Open Source 16.24.1,18.10.1,19.2.1 \n Certified Asterisk 16.8-cert13 \n\n Patches \n Patch URL Revision \n https://downloads.digium.com/pub/security/AST-2022-004-16.diff Asterisk \n 16 \n https://downloads.digium.com/pub/security/AST-2022-004-18.diff Asterisk \n 18 \n https://downloads.digium.com/pub/security/AST-2022-004-19.diff Asterisk \n 19 \n https://downloads.digium.com/pub/security/AST-2022-004-16.8.diff Certified \n Asterisk \n 16.8 \n\nLinks https://issues.asterisk.org/jira/browse/ASTERISK-29945 \n \n https://downloads.asterisk.org/pub/security/AST-2022-004.html \n \n https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984 \n\n Asterisk Project Security Advisories are posted at \n http://www.asterisk.org/security \n \n This document may be superseded by later versions; if so, the latest \n version will be posted at \n https://downloads.digium.com/pub/security/AST-2022-004.pdf and \n https://downloads.digium.com/pub/security/AST-2022-004.html \n\n Revision History\n Date Editor Revisions Made \n March 3, 2022 Kevin Harwell Initial revision \n\n Asterisk Project Security Advisory - AST-2022-004\n Copyright \u00a9 2022 Digium, Inc. All Rights Reserved. \n Permission is hereby granted to distribute and publish this advisory in its\n original, unaltered form",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-37706"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016401"
},
{
"db": "VULMON",
"id": "CVE-2021-37706"
},
{
"db": "PACKETSTORM",
"id": "175315"
},
{
"db": "PACKETSTORM",
"id": "169618"
},
{
"db": "PACKETSTORM",
"id": "169938"
},
{
"db": "PACKETSTORM",
"id": "175025"
},
{
"db": "PACKETSTORM",
"id": "166225"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-37706",
"trust": 3.8
},
{
"db": "PACKETSTORM",
"id": "166225",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016401",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169618",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169938",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022022414",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022030601",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0941",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2179",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-37706",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175315",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175025",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-37706"
},
{
"db": "PACKETSTORM",
"id": "175315"
},
{
"db": "PACKETSTORM",
"id": "169618"
},
{
"db": "PACKETSTORM",
"id": "169938"
},
{
"db": "PACKETSTORM",
"id": "175025"
},
{
"db": "PACKETSTORM",
"id": "166225"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2179"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016401"
},
{
"db": "NVD",
"id": "CVE-2021-37706"
}
]
},
"id": "VAR-202112-2083",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.348297215
},
"last_update_date": "2025-11-18T14:43:44.980000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Potential\u00a0integer\u00a0underflow\u00a0upon\u00a0receiving\u00a0STUN\u00a0message",
"trust": 0.8,
"url": "https://www.asterisk.org/"
},
{
"title": "PJSIP Fixes for digital error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=176822"
},
{
"title": "Debian CVElist Bug Report Logs: ring: CVE-2021-32686 CVE-2021-37706 CVE-2022-21723 CVE-2022-23608 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2022-21722 CVE-2022-24754 CVE-2022-24763 CVE-2022-24764 CVE-2022-24793",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4e89fc7b47aa12e94340b2e2db73b906"
},
{
"title": "Debian Security Advisories: DSA-5285-1 asterisk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=edc2cf0db8c0593c65c4c82227026727"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-37706"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2179"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016401"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-191",
"trust": 1.0
},
{
"problemtype": "Integer underflow (CWE-191) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016401"
},
{
"db": "NVD",
"id": "CVE-2021-37706"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/mar/0"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/166225/asterisk-project-security-advisory-ast-2022-004.html"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37706"
},
{
"trust": 1.8,
"url": "https://github.com/pjsip/pjproject/security/advisories/ghsa-2qpg-f6wf-w984"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202210-37"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"trust": 1.7,
"url": "https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169618/gentoo-linux-security-advisory-202210-37.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169938/debian-security-advisory-5285-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022414"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022030601"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/asterisk-integer-overflow-via-pjproject-stun-message-37712"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0941"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21722"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24763"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43303"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39244"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43804"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23608"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24764"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-6422-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23537"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27585"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24793"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43845"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21723"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43302"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/191.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ring/20230206.0~ds2-1.3ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6422-2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24754"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39269"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24792"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31031"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32686"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43299"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46837"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43301"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/jira/browse/asterisk-29017."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43300"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/asterisk"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ring/20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ring/20230206.0~ds1-5ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23547"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-004-16.diff"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-004.pdf"
},
{
"trust": 0.1,
"url": "http://www.asterisk.org/security"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-004-18.diff"
},
{
"trust": 0.1,
"url": "https://downloads.asterisk.org/pub/security/ast-2022-004.html"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/jira/browse/asterisk-29945"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-004.html"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-004-19.diff"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-004-16.8.diff"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-37706"
},
{
"db": "PACKETSTORM",
"id": "175315"
},
{
"db": "PACKETSTORM",
"id": "169618"
},
{
"db": "PACKETSTORM",
"id": "169938"
},
{
"db": "PACKETSTORM",
"id": "175025"
},
{
"db": "PACKETSTORM",
"id": "166225"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2179"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016401"
},
{
"db": "NVD",
"id": "CVE-2021-37706"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-37706"
},
{
"db": "PACKETSTORM",
"id": "175315"
},
{
"db": "PACKETSTORM",
"id": "169618"
},
{
"db": "PACKETSTORM",
"id": "169938"
},
{
"db": "PACKETSTORM",
"id": "175025"
},
{
"db": "PACKETSTORM",
"id": "166225"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2179"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016401"
},
{
"db": "NVD",
"id": "CVE-2021-37706"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37706"
},
{
"date": "2023-10-24T16:01:47",
"db": "PACKETSTORM",
"id": "175315"
},
{
"date": "2022-11-01T13:21:55",
"db": "PACKETSTORM",
"id": "169618"
},
{
"date": "2022-11-18T14:28:10",
"db": "PACKETSTORM",
"id": "169938"
},
{
"date": "2023-10-10T14:47:37",
"db": "PACKETSTORM",
"id": "175025"
},
{
"date": "2022-03-07T16:25:13",
"db": "PACKETSTORM",
"id": "166225"
},
{
"date": "2021-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2179"
},
{
"date": "2022-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016401"
},
{
"date": "2021-12-22T18:15:07.487000",
"db": "NVD",
"id": "CVE-2021-37706"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-18T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37706"
},
{
"date": "2022-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2179"
},
{
"date": "2022-12-14T05:31:00",
"db": "JVNDB",
"id": "JVNDB-2021-016401"
},
{
"date": "2025-11-04T16:15:43.010000",
"db": "NVD",
"id": "CVE-2021-37706"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "175315"
},
{
"db": "PACKETSTORM",
"id": "175025"
},
{
"db": "PACKETSTORM",
"id": "166225"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2179"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PJSIP\u00a0 Integer Underflow Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016401"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2179"
}
],
"trust": 0.6
}
}
VAR-202201-0582
Vulnerability from variot - Updated: 2025-11-18 13:57PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the master branch. There are no known workarounds. PJSIP Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202210-37
https://security.gentoo.org/
Severity: Normal Title: PJSIP: Multiple Vulnerabilities Date: October 31, 2022 Bugs: #803614, #829894, #875863 ID: 202210-37
Synopsis
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/pjproject < 2.12.1 >= 2.12.1
Description
Multiple vulnerabilities have been discovered in PJSIP. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Resolution
All PJSIP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/pjproject-2.12.1"
References
[ 1 ] CVE-2021-32686 https://nvd.nist.gov/vuln/detail/CVE-2021-32686 [ 2 ] CVE-2021-37706 https://nvd.nist.gov/vuln/detail/CVE-2021-37706 [ 3 ] CVE-2021-41141 https://nvd.nist.gov/vuln/detail/CVE-2021-41141 [ 4 ] CVE-2021-43804 https://nvd.nist.gov/vuln/detail/CVE-2021-43804 [ 5 ] CVE-2021-43845 https://nvd.nist.gov/vuln/detail/CVE-2021-43845 [ 6 ] CVE-2022-21722 https://nvd.nist.gov/vuln/detail/CVE-2022-21722 [ 7 ] CVE-2022-21723 https://nvd.nist.gov/vuln/detail/CVE-2022-21723 [ 8 ] CVE-2022-23608 https://nvd.nist.gov/vuln/detail/CVE-2022-23608 [ 9 ] CVE-2022-24754 https://nvd.nist.gov/vuln/detail/CVE-2022-24754 [ 10 ] CVE-2022-24763 https://nvd.nist.gov/vuln/detail/CVE-2022-24763 [ 11 ] CVE-2022-24764 https://nvd.nist.gov/vuln/detail/CVE-2022-24764 [ 12 ] CVE-2022-24786 https://nvd.nist.gov/vuln/detail/CVE-2022-24786 [ 13 ] CVE-2022-24792 https://nvd.nist.gov/vuln/detail/CVE-2022-24792 [ 14 ] CVE-2022-24793 https://nvd.nist.gov/vuln/detail/CVE-2022-24793 [ 15 ] CVE-2022-31031 https://nvd.nist.gov/vuln/detail/CVE-2022-31031 [ 16 ] CVE-2022-39244 https://nvd.nist.gov/vuln/detail/CVE-2022-39244 [ 17 ] CVE-2022-39269 https://nvd.nist.gov/vuln/detail/CVE-2022-39269
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202210-37
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5285-1 security@debian.org https://www.debian.org/security/ Markus Koschany November 17, 2022 https://www.debian.org/security/faq
Package : asterisk CVE ID : CVE-2021-37706 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2021-46837 CVE-2022-21722 CVE-2022-21723 CVE-2022-23608 CVE-2022-24763 CVE-2022-24764 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 CVE-2022-26498 CVE-2022-26499 CVE-2022-26651 Debian Bug : 1014998 1018073 1014976
Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.
Special care should be taken when upgrading to this new upstream release. Some configuration files and options have changed in order to remedy certain security vulnerabilities. Most notably the pjsip TLS listener only accepts TLSv1.3 connections in the default configuration now. This can be reverted by adding method=tlsv1_2 to the transport in pjsip.conf. See also https://issues.asterisk.org/jira/browse/ASTERISK-29017.
For the stable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u1.
We recommend that you upgrade your asterisk packages.
For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmN2qoFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeR0pQ/+Kr+FWFeFyrkFTyVv5BGBJug+EvZzzC2JZoI/TNsiAWQi/BZTQJ0pmdZr EHokqN7Z35EqZW6sj5aypdK7bOv4N+uv6P59xROk1KjEEG6XttGJ2BUvffWYWEXo k6+ou/yfAxU72Ufd1eOcMtjyGeN0CljmemIJ5Cywpnaw8YArP+VzRK2NEth0gCmJ TAfSvIPFaS7jB6fEg8KESOpmvtlqEJUh5sjP2t+OOEc3AoNBBuj4ZC44SQ1nif6k jEbmLFnJYQF8dP+IasZ3SY80N+BeuGiylZQ6w1ZvuYuUAK3jhHQ3CJvTQ4sEqNQV Zva6t0kHOEKVxKg412oEpQ0ihR+EBF/lnECu7iR2HTKk8xteNwio5qeeW/joTAJx OTYlHTtERTZIiaHdmV3nmGYgrTLeDHClilCnJrQuyXF+LVHjxBWDh7WS83zSrdIH gNP0eZ5UEjrpomf1yKqHVUsji63eSWACdFVXJLACMwpuevq8qgV6zASD+VuUd36r foEOKVj+FIHehWSef9pP48Na8bOn0EDVqtZEPOjE6o8Y8PjgSf7BSNogppZncldw VREox9NsxGM9hSVh3lVBWL8lT76HQVzXjfXXXoIEFDiGokNRV/dNTuhhb/mh0zxr VTKBboC6ijQVCdVQ7UdGFnoVXOWW2gy8sdam40ELBUCGDD5XI7A\xeajm -----END PGP SIGNATURE----- . Asterisk Project Security Advisory - AST-2022-006
Product Asterisk
Summary pjproject: unconstrained malformed multipart SIP
message
Nature of Advisory Out of bounds memory access
Susceptibility Remote unauthenticated sessions
Severity Minor
Exploits Known Yes
Reported On March 3, 2022
Reported By Sauw Ming
Posted On March 4, 2022
Last Updated On March 3, 2022
Advisory Contact kharwell AT sangoma DOT com
CVE Name CVE-2022-21723
Description If an incoming SIP message contains a malformed
multi-part body an out of bounds read access may
occur, which can result in undefined behavior. Note,
it’s currently uncertain if there is any externally
exploitable vector within Asterisk for this issue, but
providing this as a security issue out of caution.
Modules Affected bundled pjproject
Resolution If you use “with-pjproject-bundled” then upgrade to, or
install one of, the versions of Asterisk listed below.
Otherwise install the appropriate version of pjproject that
contains the patch.
Affected Versions
Product Release Series
Asterisk Open Source 16.x All versions
Asterisk Open Source 18.x All versions
Asterisk Open Source 19.x All versions
Certified Asterisk 16.x All versions
Corrected In
Product Release
Asterisk Open Source 16.24.1,18.10.1,19.2.1
Certified Asterisk 16.8-cert13
Patches
Patch URL Revision
https://downloads.digium.com/pub/security/AST-2022-006-16.diff Asterisk
16
https://downloads.digium.com/pub/security/AST-2022-006-18.diff Asterisk
18
https://downloads.digium.com/pub/security/AST-2022-006-19.diff Asterisk
19
https://downloads.digium.com/pub/security/AST-2022-006-16.8.diff Certified
Asterisk
16.8
Links https://issues.asterisk.org/jira/browse/ASTERISK-29945
https://downloads.asterisk.org/pub/security/AST-2022-006.html
https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
https://downloads.digium.com/pub/security/AST-2022-006.pdf and
https://downloads.digium.com/pub/security/AST-2022-006.html
Revision History
Date Editor Revisions Made
March 3, 2022 Kevin Harwell Initial revision
Asterisk Project Security Advisory - AST-2022-006
Copyright © 2022 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0582",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "16.24.1"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.0.0"
},
{
"model": "pjsip",
"scope": "lte",
"trust": 1.0,
"vendor": "teluu",
"version": "2.11.1"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.10.1"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "19.2.1"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "19.0.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "16.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "16.8.0"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "certified asterisk",
"scope": null,
"trust": 0.8,
"vendor": "asterisk",
"version": null
},
{
"model": "pjsip",
"scope": "lte",
"trust": 0.8,
"vendor": "teluu",
"version": "2.11.1 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004350"
},
{
"db": "NVD",
"id": "CVE-2022-21723"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "169618"
}
],
"trust": 0.1
},
"cve": "CVE-2022-21723",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-21723",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-21723",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-004350",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-21723",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2022-21723",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-21723",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-2496",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-21723",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-21723"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2496"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004350"
},
{
"db": "NVD",
"id": "CVE-2022-21723"
},
{
"db": "NVD",
"id": "CVE-2022-21723"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds. PJSIP Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202210-37\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: PJSIP: Multiple Vulnerabilities\n Date: October 31, 2022\n Bugs: #803614, #829894, #875863\n ID: 202210-37\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in PJSIP, the worst of which\ncould result in arbitrary code execution. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/pjproject \u003c 2.12.1 \u003e= 2.12.1\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in PJSIP. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nResolution\n=========\nAll PJSIP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/pjproject-2.12.1\"\n\nReferences\n=========\n[ 1 ] CVE-2021-32686\n https://nvd.nist.gov/vuln/detail/CVE-2021-32686\n[ 2 ] CVE-2021-37706\n https://nvd.nist.gov/vuln/detail/CVE-2021-37706\n[ 3 ] CVE-2021-41141\n https://nvd.nist.gov/vuln/detail/CVE-2021-41141\n[ 4 ] CVE-2021-43804\n https://nvd.nist.gov/vuln/detail/CVE-2021-43804\n[ 5 ] CVE-2021-43845\n https://nvd.nist.gov/vuln/detail/CVE-2021-43845\n[ 6 ] CVE-2022-21722\n https://nvd.nist.gov/vuln/detail/CVE-2022-21722\n[ 7 ] CVE-2022-21723\n https://nvd.nist.gov/vuln/detail/CVE-2022-21723\n[ 8 ] CVE-2022-23608\n https://nvd.nist.gov/vuln/detail/CVE-2022-23608\n[ 9 ] CVE-2022-24754\n https://nvd.nist.gov/vuln/detail/CVE-2022-24754\n[ 10 ] CVE-2022-24763\n https://nvd.nist.gov/vuln/detail/CVE-2022-24763\n[ 11 ] CVE-2022-24764\n https://nvd.nist.gov/vuln/detail/CVE-2022-24764\n[ 12 ] CVE-2022-24786\n https://nvd.nist.gov/vuln/detail/CVE-2022-24786\n[ 13 ] CVE-2022-24792\n https://nvd.nist.gov/vuln/detail/CVE-2022-24792\n[ 14 ] CVE-2022-24793\n https://nvd.nist.gov/vuln/detail/CVE-2022-24793\n[ 15 ] CVE-2022-31031\n https://nvd.nist.gov/vuln/detail/CVE-2022-31031\n[ 16 ] CVE-2022-39244\n https://nvd.nist.gov/vuln/detail/CVE-2022-39244\n[ 17 ] CVE-2022-39269\n https://nvd.nist.gov/vuln/detail/CVE-2022-39269\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202210-37\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5285-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nNovember 17, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : asterisk\nCVE ID : CVE-2021-37706 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301\n CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845\n CVE-2021-46837 CVE-2022-21722 CVE-2022-21723 CVE-2022-23608\n CVE-2022-24763 CVE-2022-24764 CVE-2022-24786 CVE-2022-24792\n CVE-2022-24793 CVE-2022-26498 CVE-2022-26499 CVE-2022-26651\nDebian Bug : 1014998 1018073 1014976\n\nMultiple security vulnerabilities have been found in Asterisk, an Open Source\nPrivate Branch Exchange. Buffer overflows and other programming errors could be\nexploited for information disclosure or the execution of arbitrary code. \n\nSpecial care should be taken when upgrading to this new upstream release. \nSome configuration files and options have changed in order to remedy\ncertain security vulnerabilities. Most notably the pjsip TLS listener only\naccepts TLSv1.3 connections in the default configuration now. This can be\nreverted by adding method=tlsv1_2 to the transport in pjsip.conf. See also\nhttps://issues.asterisk.org/jira/browse/ASTERISK-29017. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1:16.28.0~dfsg-0+deb11u1. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmN2qoFfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeR0pQ/+Kr+FWFeFyrkFTyVv5BGBJug+EvZzzC2JZoI/TNsiAWQi/BZTQJ0pmdZr\nEHokqN7Z35EqZW6sj5aypdK7bOv4N+uv6P59xROk1KjEEG6XttGJ2BUvffWYWEXo\nk6+ou/yfAxU72Ufd1eOcMtjyGeN0CljmemIJ5Cywpnaw8YArP+VzRK2NEth0gCmJ\nTAfSvIPFaS7jB6fEg8KESOpmvtlqEJUh5sjP2t+OOEc3AoNBBuj4ZC44SQ1nif6k\njEbmLFnJYQF8dP+IasZ3SY80N+BeuGiylZQ6w1ZvuYuUAK3jhHQ3CJvTQ4sEqNQV\nZva6t0kHOEKVxKg412oEpQ0ihR+EBF/lnECu7iR2HTKk8xteNwio5qeeW/joTAJx\nOTYlHTtERTZIiaHdmV3nmGYgrTLeDHClilCnJrQuyXF+LVHjxBWDh7WS83zSrdIH\ngNP0eZ5UEjrpomf1yKqHVUsji63eSWACdFVXJLACMwpuevq8qgV6zASD+VuUd36r\nfoEOKVj+FIHehWSef9pP48Na8bOn0EDVqtZEPOjE6o8Y8PjgSf7BSNogppZncldw\nVREox9NsxGM9hSVh3lVBWL8lT76HQVzXjfXXXoIEFDiGokNRV/dNTuhhb/mh0zxr\nVTKBboC6ijQVCdVQ7UdGFnoVXOWW2gy8sdam40ELBUCGDD5XI7A\\xeajm\n-----END PGP SIGNATURE-----\n. Asterisk Project Security Advisory - AST-2022-006\n\n Product Asterisk \n Summary pjproject: unconstrained malformed multipart SIP \n message \n Nature of Advisory Out of bounds memory access \n Susceptibility Remote unauthenticated sessions \n Severity Minor \n Exploits Known Yes \n Reported On March 3, 2022 \n Reported By Sauw Ming \n Posted On March 4, 2022 \n Last Updated On March 3, 2022 \n Advisory Contact kharwell AT sangoma DOT com \n CVE Name CVE-2022-21723 \n\n Description If an incoming SIP message contains a malformed \n multi-part body an out of bounds read access may \n occur, which can result in undefined behavior. Note, \n it\u2019s currently uncertain if there is any externally \n exploitable vector within Asterisk for this issue, but \n providing this as a security issue out of caution. \n Modules Affected bundled pjproject \n\n Resolution If you use \u201cwith-pjproject-bundled\u201d then upgrade to, or \n install one of, the versions of Asterisk listed below. \n Otherwise install the appropriate version of pjproject that \n contains the patch. \n\n Affected Versions\n Product Release Series \n Asterisk Open Source 16.x All versions \n Asterisk Open Source 18.x All versions \n Asterisk Open Source 19.x All versions \n Certified Asterisk 16.x All versions \n\n Corrected In\n Product Release \n Asterisk Open Source 16.24.1,18.10.1,19.2.1 \n Certified Asterisk 16.8-cert13 \n\n Patches \n Patch URL Revision \n https://downloads.digium.com/pub/security/AST-2022-006-16.diff Asterisk \n 16 \n https://downloads.digium.com/pub/security/AST-2022-006-18.diff Asterisk \n 18 \n https://downloads.digium.com/pub/security/AST-2022-006-19.diff Asterisk \n 19 \n https://downloads.digium.com/pub/security/AST-2022-006-16.8.diff Certified \n Asterisk \n 16.8 \n\nLinks https://issues.asterisk.org/jira/browse/ASTERISK-29945 \n \n https://downloads.asterisk.org/pub/security/AST-2022-006.html \n \n https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm \n\n Asterisk Project Security Advisories are posted at \n http://www.asterisk.org/security \n \n This document may be superseded by later versions; if so, the latest \n version will be posted at \n https://downloads.digium.com/pub/security/AST-2022-006.pdf and \n https://downloads.digium.com/pub/security/AST-2022-006.html \n\n Revision History\n Date Editor Revisions Made \n March 3, 2022 Kevin Harwell Initial revision \n\n Asterisk Project Security Advisory - AST-2022-006\n Copyright \u00a9 2022 Digium, Inc. All Rights Reserved. \n Permission is hereby granted to distribute and publish this advisory in its\n original, unaltered form",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21723"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004350"
},
{
"db": "VULMON",
"id": "CVE-2022-21723"
},
{
"db": "PACKETSTORM",
"id": "169618"
},
{
"db": "PACKETSTORM",
"id": "169938"
},
{
"db": "PACKETSTORM",
"id": "166227"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-21723",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "166227",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004350",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169618",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169938",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022022414",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022030601",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0943",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2496",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-21723",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-21723"
},
{
"db": "PACKETSTORM",
"id": "169618"
},
{
"db": "PACKETSTORM",
"id": "169938"
},
{
"db": "PACKETSTORM",
"id": "166227"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2496"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004350"
},
{
"db": "NVD",
"id": "CVE-2022-21723"
}
]
},
"id": "VAR-202201-0582",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.348297215
},
"last_update_date": "2025-11-18T13:57:30.498000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Merge\u00a0pull\u00a0request\u00a0from\u00a0GHSA-7fw8-54cv-r7pm GitHub",
"trust": 0.8,
"url": "https://www.asterisk.org/products/software/certified-asterisk/"
},
{
"title": "PJSIP Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=179686"
},
{
"title": "Debian CVElist Bug Report Logs: ring: CVE-2021-32686 CVE-2021-37706 CVE-2022-21723 CVE-2022-23608 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2022-21722 CVE-2022-24754 CVE-2022-24763 CVE-2022-24764 CVE-2022-24793",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4e89fc7b47aa12e94340b2e2db73b906"
},
{
"title": "Debian Security Advisories: DSA-5285-1 asterisk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=edc2cf0db8c0593c65c4c82227026727"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-21723"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2496"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004350"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004350"
},
{
"db": "NVD",
"id": "CVE-2022-21723"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/mar/2"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/166227/asterisk-project-security-advisory-ast-2022-006.html"
},
{
"trust": 1.8,
"url": "https://github.com/pjsip/pjproject/security/advisories/ghsa-7fw8-54cv-r7pm"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202210-37"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"trust": 1.7,
"url": "https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"trust": 1.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21723"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169618/gentoo-linux-security-advisory-202210-37.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0943"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169938/debian-security-advisory-5285-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022414"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/asterisk-out-of-bounds-memory-reading-via-pjproject-multipart-sip-message-37714"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022030601"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43804"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23608"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43845"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24764"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21722"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37706"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24763"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24793"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39244"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24754"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39269"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24792"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31031"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32686"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43299"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43303"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46837"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43301"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/jira/browse/asterisk-29017."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43300"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43302"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/asterisk"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-006.html"
},
{
"trust": 0.1,
"url": "http://www.asterisk.org/security"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-006.pdf"
},
{
"trust": 0.1,
"url": "https://downloads.asterisk.org/pub/security/ast-2022-006.html"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/jira/browse/asterisk-29945"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-006-19.diff"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-006-16.8.diff"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-006-16.diff"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-006-18.diff"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-21723"
},
{
"db": "PACKETSTORM",
"id": "169618"
},
{
"db": "PACKETSTORM",
"id": "169938"
},
{
"db": "PACKETSTORM",
"id": "166227"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2496"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004350"
},
{
"db": "NVD",
"id": "CVE-2022-21723"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-21723"
},
{
"db": "PACKETSTORM",
"id": "169618"
},
{
"db": "PACKETSTORM",
"id": "169938"
},
{
"db": "PACKETSTORM",
"id": "166227"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2496"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004350"
},
{
"db": "NVD",
"id": "CVE-2022-21723"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-21723"
},
{
"date": "2022-11-01T13:21:55",
"db": "PACKETSTORM",
"id": "169618"
},
{
"date": "2022-11-18T14:28:10",
"db": "PACKETSTORM",
"id": "169938"
},
{
"date": "2022-03-07T16:29:41",
"db": "PACKETSTORM",
"id": "166227"
},
{
"date": "2022-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2496"
},
{
"date": "2023-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-004350"
},
{
"date": "2022-01-27T00:15:07.737000",
"db": "NVD",
"id": "CVE-2022-21723"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-21723"
},
{
"date": "2022-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2496"
},
{
"date": "2023-04-10T01:24:00",
"db": "JVNDB",
"id": "JVNDB-2022-004350"
},
{
"date": "2025-11-04T16:15:46.583000",
"db": "NVD",
"id": "CVE-2022-21723"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2496"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PJSIP\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004350"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2496"
}
],
"trust": 0.6
}
}
VAR-202202-0167
Vulnerability from variot - Updated: 2025-11-18 12:34PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue. Teluu Ltd. of PJSIP Products from multiple other vendors contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-37
https://security.gentoo.org/
Severity: Normal Title: PJSIP: Multiple Vulnerabilities Date: October 31, 2022 Bugs: #803614, #829894, #875863 ID: 202210-37
Synopsis
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/pjproject < 2.12.1 >= 2.12.1
Description
Multiple vulnerabilities have been discovered in PJSIP. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Resolution
All PJSIP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/pjproject-2.12.1"
References
[ 1 ] CVE-2021-32686 https://nvd.nist.gov/vuln/detail/CVE-2021-32686 [ 2 ] CVE-2021-37706 https://nvd.nist.gov/vuln/detail/CVE-2021-37706 [ 3 ] CVE-2021-41141 https://nvd.nist.gov/vuln/detail/CVE-2021-41141 [ 4 ] CVE-2021-43804 https://nvd.nist.gov/vuln/detail/CVE-2021-43804 [ 5 ] CVE-2021-43845 https://nvd.nist.gov/vuln/detail/CVE-2021-43845 [ 6 ] CVE-2022-21722 https://nvd.nist.gov/vuln/detail/CVE-2022-21722 [ 7 ] CVE-2022-21723 https://nvd.nist.gov/vuln/detail/CVE-2022-21723 [ 8 ] CVE-2022-23608 https://nvd.nist.gov/vuln/detail/CVE-2022-23608 [ 9 ] CVE-2022-24754 https://nvd.nist.gov/vuln/detail/CVE-2022-24754 [ 10 ] CVE-2022-24763 https://nvd.nist.gov/vuln/detail/CVE-2022-24763 [ 11 ] CVE-2022-24764 https://nvd.nist.gov/vuln/detail/CVE-2022-24764 [ 12 ] CVE-2022-24786 https://nvd.nist.gov/vuln/detail/CVE-2022-24786 [ 13 ] CVE-2022-24792 https://nvd.nist.gov/vuln/detail/CVE-2022-24792 [ 14 ] CVE-2022-24793 https://nvd.nist.gov/vuln/detail/CVE-2022-24793 [ 15 ] CVE-2022-31031 https://nvd.nist.gov/vuln/detail/CVE-2022-31031 [ 16 ] CVE-2022-39244 https://nvd.nist.gov/vuln/detail/CVE-2022-39244 [ 17 ] CVE-2022-39269 https://nvd.nist.gov/vuln/detail/CVE-2022-39269
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202210-37
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5285-1 security@debian.org https://www.debian.org/security/ Markus Koschany November 17, 2022 https://www.debian.org/security/faq
Package : asterisk CVE ID : CVE-2021-37706 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2021-46837 CVE-2022-21722 CVE-2022-21723 CVE-2022-23608 CVE-2022-24763 CVE-2022-24764 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 CVE-2022-26498 CVE-2022-26499 CVE-2022-26651 Debian Bug : 1014998 1018073 1014976
Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.
Special care should be taken when upgrading to this new upstream release. Some configuration files and options have changed in order to remedy certain security vulnerabilities. Most notably the pjsip TLS listener only accepts TLSv1.3 connections in the default configuration now. This can be reverted by adding method=tlsv1_2 to the transport in pjsip.conf. See also https://issues.asterisk.org/jira/browse/ASTERISK-29017.
For the stable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u1.
We recommend that you upgrade your asterisk packages.
For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmN2qoFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeR0pQ/+Kr+FWFeFyrkFTyVv5BGBJug+EvZzzC2JZoI/TNsiAWQi/BZTQJ0pmdZr EHokqN7Z35EqZW6sj5aypdK7bOv4N+uv6P59xROk1KjEEG6XttGJ2BUvffWYWEXo k6+ou/yfAxU72Ufd1eOcMtjyGeN0CljmemIJ5Cywpnaw8YArP+VzRK2NEth0gCmJ TAfSvIPFaS7jB6fEg8KESOpmvtlqEJUh5sjP2t+OOEc3AoNBBuj4ZC44SQ1nif6k jEbmLFnJYQF8dP+IasZ3SY80N+BeuGiylZQ6w1ZvuYuUAK3jhHQ3CJvTQ4sEqNQV Zva6t0kHOEKVxKg412oEpQ0ihR+EBF/lnECu7iR2HTKk8xteNwio5qeeW/joTAJx OTYlHTtERTZIiaHdmV3nmGYgrTLeDHClilCnJrQuyXF+LVHjxBWDh7WS83zSrdIH gNP0eZ5UEjrpomf1yKqHVUsji63eSWACdFVXJLACMwpuevq8qgV6zASD+VuUd36r foEOKVj+FIHehWSef9pP48Na8bOn0EDVqtZEPOjE6o8Y8PjgSf7BSNogppZncldw VREox9NsxGM9hSVh3lVBWL8lT76HQVzXjfXXXoIEFDiGokNRV/dNTuhhb/mh0zxr VTKBboC6ijQVCdVQ7UdGFnoVXOWW2gy8sdam40ELBUCGDD5XI7A\xeajm -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-6422-1 October 09, 2023
ring vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Ring.
Software Description: - ring: Secure and distributed voice, video, and chat platform
Details:
It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2021-37706)
It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302, CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723, CVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754, CVE-2022-24763, CVE-2022-24764, CVE-2022-24793, CVE-2022-31031, CVE-2022-39244)
It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-21722)
It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-27585)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.04: jami 20230206.0~ds1-5ubuntu0.1 jami-daemon 20230206.0~ds1-5ubuntu0.1
Ubuntu 20.04 LTS: jami 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1 jami-daemon 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1 ring 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1 ring-daemon 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
Ubuntu 18.04 LTS (Available with Ubuntu Pro): ring 20180228.1.503da2b~ds1-1ubuntu0.1~esm1 ring-daemon 20180228.1.503da2b~ds1-1ubuntu0.1~esm1
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6422-1 CVE-2021-37706, CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302, CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21722, CVE-2022-21723, CVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754, CVE-2022-24763, CVE-2022-24764, CVE-2022-24793, CVE-2022-31031, CVE-2022-39244, CVE-2023-27585
Package Information: https://launchpad.net/ubuntu/+source/ring/20230206.0~ds1-5ubuntu0.1
https://launchpad.net/ubuntu/+source/ring/20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
. Asterisk Project Security Advisory - AST-2022-005
Product Asterisk
Summary pjproject: undefined behavior after freeing a dialog
set
Nature of Advisory Denial of service
Susceptibility Remote unauthenticated sessions
Severity Major
Exploits Known Yes
Reported On March 3, 2022
Reported By Sauw Ming
Posted On March 4, 2022
Last Updated On March 3, 2022
Advisory Contact kharwell AT sangoma DOT com
CVE Name CVE-2022-23608
Description When acting as a UAC, and when placing an outgoing
call to a target that then forks Asterisk may
experience undefined behavior (crashes, hangs, etc…)
after a dialog set is prematurely freed.
Modules Affected bundled pjproject
Resolution If you use “with-pjproject-bundled” then upgrade to, or
install one of, the versions of Asterisk listed below.
Otherwise install the appropriate version of pjproject that
contains the patch.
Affected Versions
Product Release Series
Asterisk Open Source 16.x All versions
Asterisk Open Source 18.x All versions
Asterisk Open Source 19.x All versions
Certified Asterisk 16.x All versions
Corrected In
Product Release
Asterisk Open Source 16.24.1,18.10.1,19.2.1
Certified Asterisk 16.8-cert13
Patches
Patch URL Revision
https://downloads.digium.com/pub/security/AST-2022-005-16.diff Asterisk
16
https://downloads.digium.com/pub/security/AST-2022-005-18.diff Asterisk
18
https://downloads.digium.com/pub/security/AST-2022-005-19.diff Asterisk
19
https://downloads.digium.com/pub/security/AST-2022-005-16.8.diff Certified
Asterisk
16.8
Links https://issues.asterisk.org/jira/browse/ASTERISK-29945
https://downloads.asterisk.org/pub/security/AST-2022-005.html
https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
https://downloads.digium.com/pub/security/AST-2022-005.pdf and
https://downloads.digium.com/pub/security/AST-2022-005.html
Revision History
Date Editor Revisions Made
March 3, 2022 Kevin Harwell Initial revision
Asterisk Project Security Advisory - AST-2022-005
Copyright © 2022 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0167",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "16.24.1"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.0.0"
},
{
"model": "pjsip",
"scope": "lte",
"trust": 1.0,
"vendor": "teluu",
"version": "2.11.1"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.10.1"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "19.2.1"
},
{
"model": "certified asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "asterisk",
"version": "16.8.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "19.0.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "16.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "16.8.0"
},
{
"model": "pjsip",
"scope": null,
"trust": 0.8,
"vendor": "teluu",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "certified asterisk",
"scope": null,
"trust": 0.8,
"vendor": "asterisk",
"version": null
},
{
"model": "asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006237"
},
{
"db": "NVD",
"id": "CVE-2022-23608"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "169618"
}
],
"trust": 0.1
},
"cve": "CVE-2022-23608",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-23608",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-23608",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2022-23608",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-23608",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-23608",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2022-23608",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-23608",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1757",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-23608",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-23608"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1757"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006237"
},
{
"db": "NVD",
"id": "CVE-2022-23608"
},
{
"db": "NVD",
"id": "CVE-2022-23608"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue. Teluu Ltd. of PJSIP Products from multiple other vendors contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202210-37\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: PJSIP: Multiple Vulnerabilities\n Date: October 31, 2022\n Bugs: #803614, #829894, #875863\n ID: 202210-37\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in PJSIP, the worst of which\ncould result in arbitrary code execution. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/pjproject \u003c 2.12.1 \u003e= 2.12.1\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in PJSIP. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nResolution\n=========\nAll PJSIP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/pjproject-2.12.1\"\n\nReferences\n=========\n[ 1 ] CVE-2021-32686\n https://nvd.nist.gov/vuln/detail/CVE-2021-32686\n[ 2 ] CVE-2021-37706\n https://nvd.nist.gov/vuln/detail/CVE-2021-37706\n[ 3 ] CVE-2021-41141\n https://nvd.nist.gov/vuln/detail/CVE-2021-41141\n[ 4 ] CVE-2021-43804\n https://nvd.nist.gov/vuln/detail/CVE-2021-43804\n[ 5 ] CVE-2021-43845\n https://nvd.nist.gov/vuln/detail/CVE-2021-43845\n[ 6 ] CVE-2022-21722\n https://nvd.nist.gov/vuln/detail/CVE-2022-21722\n[ 7 ] CVE-2022-21723\n https://nvd.nist.gov/vuln/detail/CVE-2022-21723\n[ 8 ] CVE-2022-23608\n https://nvd.nist.gov/vuln/detail/CVE-2022-23608\n[ 9 ] CVE-2022-24754\n https://nvd.nist.gov/vuln/detail/CVE-2022-24754\n[ 10 ] CVE-2022-24763\n https://nvd.nist.gov/vuln/detail/CVE-2022-24763\n[ 11 ] CVE-2022-24764\n https://nvd.nist.gov/vuln/detail/CVE-2022-24764\n[ 12 ] CVE-2022-24786\n https://nvd.nist.gov/vuln/detail/CVE-2022-24786\n[ 13 ] CVE-2022-24792\n https://nvd.nist.gov/vuln/detail/CVE-2022-24792\n[ 14 ] CVE-2022-24793\n https://nvd.nist.gov/vuln/detail/CVE-2022-24793\n[ 15 ] CVE-2022-31031\n https://nvd.nist.gov/vuln/detail/CVE-2022-31031\n[ 16 ] CVE-2022-39244\n https://nvd.nist.gov/vuln/detail/CVE-2022-39244\n[ 17 ] CVE-2022-39269\n https://nvd.nist.gov/vuln/detail/CVE-2022-39269\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202210-37\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5285-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nNovember 17, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : asterisk\nCVE ID : CVE-2021-37706 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301\n CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845\n CVE-2021-46837 CVE-2022-21722 CVE-2022-21723 CVE-2022-23608\n CVE-2022-24763 CVE-2022-24764 CVE-2022-24786 CVE-2022-24792\n CVE-2022-24793 CVE-2022-26498 CVE-2022-26499 CVE-2022-26651\nDebian Bug : 1014998 1018073 1014976\n\nMultiple security vulnerabilities have been found in Asterisk, an Open Source\nPrivate Branch Exchange. Buffer overflows and other programming errors could be\nexploited for information disclosure or the execution of arbitrary code. \n\nSpecial care should be taken when upgrading to this new upstream release. \nSome configuration files and options have changed in order to remedy\ncertain security vulnerabilities. Most notably the pjsip TLS listener only\naccepts TLSv1.3 connections in the default configuration now. This can be\nreverted by adding method=tlsv1_2 to the transport in pjsip.conf. See also\nhttps://issues.asterisk.org/jira/browse/ASTERISK-29017. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1:16.28.0~dfsg-0+deb11u1. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmN2qoFfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeR0pQ/+Kr+FWFeFyrkFTyVv5BGBJug+EvZzzC2JZoI/TNsiAWQi/BZTQJ0pmdZr\nEHokqN7Z35EqZW6sj5aypdK7bOv4N+uv6P59xROk1KjEEG6XttGJ2BUvffWYWEXo\nk6+ou/yfAxU72Ufd1eOcMtjyGeN0CljmemIJ5Cywpnaw8YArP+VzRK2NEth0gCmJ\nTAfSvIPFaS7jB6fEg8KESOpmvtlqEJUh5sjP2t+OOEc3AoNBBuj4ZC44SQ1nif6k\njEbmLFnJYQF8dP+IasZ3SY80N+BeuGiylZQ6w1ZvuYuUAK3jhHQ3CJvTQ4sEqNQV\nZva6t0kHOEKVxKg412oEpQ0ihR+EBF/lnECu7iR2HTKk8xteNwio5qeeW/joTAJx\nOTYlHTtERTZIiaHdmV3nmGYgrTLeDHClilCnJrQuyXF+LVHjxBWDh7WS83zSrdIH\ngNP0eZ5UEjrpomf1yKqHVUsji63eSWACdFVXJLACMwpuevq8qgV6zASD+VuUd36r\nfoEOKVj+FIHehWSef9pP48Na8bOn0EDVqtZEPOjE6o8Y8PjgSf7BSNogppZncldw\nVREox9NsxGM9hSVh3lVBWL8lT76HQVzXjfXXXoIEFDiGokNRV/dNTuhhb/mh0zxr\nVTKBboC6ijQVCdVQ7UdGFnoVXOWW2gy8sdam40ELBUCGDD5XI7A\\xeajm\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-6422-1\nOctober 09, 2023\n\nring vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in Ring. \n\nSoftware Description:\n- ring: Secure and distributed voice, video, and chat platform\n\nDetails:\n\nIt was discovered that Ring incorrectly handled certain inputs. If a user or\nan automated system were tricked into opening a specially crafted input file,\na remote attacker could possibly use this issue to execute arbitrary code. \n(CVE-2021-37706)\n\nIt was discovered that Ring incorrectly handled certain inputs. If a user or\nan automated system were tricked into opening a specially crafted input file,\na remote attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302,\nCVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723,\nCVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754,\nCVE-2022-24763, CVE-2022-24764, CVE-2022-24793, CVE-2022-31031,\nCVE-2022-39244)\n\nIt was discovered that Ring incorrectly handled certain inputs. If a user or\nan automated system were tricked into opening a specially crafted input file,\na remote attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 20.04 LTS. (CVE-2022-21722)\n\nIt was discovered that Ring incorrectly handled certain inputs. If a user or\nan automated system were tricked into opening a specially crafted input file,\na remote attacker could possibly use this issue to cause a denial of service. \n(CVE-2023-27585)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.04:\n jami 20230206.0~ds1-5ubuntu0.1\n jami-daemon 20230206.0~ds1-5ubuntu0.1\n\nUbuntu 20.04 LTS:\n jami 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1\n jami-daemon 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1\n ring 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1\n ring-daemon 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n ring 20180228.1.503da2b~ds1-1ubuntu0.1~esm1\n ring-daemon 20180228.1.503da2b~ds1-1ubuntu0.1~esm1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-6422-1\n CVE-2021-37706, CVE-2021-43299, CVE-2021-43300, CVE-2021-43301,\n CVE-2021-43302, CVE-2021-43303, CVE-2021-43804, CVE-2021-43845,\n CVE-2022-21722, CVE-2022-21723, CVE-2022-23537, CVE-2022-23547,\n CVE-2022-23608, CVE-2022-24754, CVE-2022-24763, CVE-2022-24764,\n CVE-2022-24793, CVE-2022-31031, CVE-2022-39244, CVE-2023-27585\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/ring/20230206.0~ds1-5ubuntu0.1\n \nhttps://launchpad.net/ubuntu/+source/ring/20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1\n\n. Asterisk Project Security Advisory - AST-2022-005\n\n Product Asterisk \n Summary pjproject: undefined behavior after freeing a dialog \n set \n Nature of Advisory Denial of service \n Susceptibility Remote unauthenticated sessions \n Severity Major \n Exploits Known Yes \n Reported On March 3, 2022 \n Reported By Sauw Ming \n Posted On March 4, 2022 \n Last Updated On March 3, 2022 \n Advisory Contact kharwell AT sangoma DOT com \n CVE Name CVE-2022-23608 \n\n Description When acting as a UAC, and when placing an outgoing \n call to a target that then forks Asterisk may \n experience undefined behavior (crashes, hangs, etc\u2026) \n after a dialog set is prematurely freed. \n Modules Affected bundled pjproject \n\n Resolution If you use \u201cwith-pjproject-bundled\u201d then upgrade to, or \n install one of, the versions of Asterisk listed below. \n Otherwise install the appropriate version of pjproject that \n contains the patch. \n\n Affected Versions\n Product Release Series \n Asterisk Open Source 16.x All versions \n Asterisk Open Source 18.x All versions \n Asterisk Open Source 19.x All versions \n Certified Asterisk 16.x All versions \n\n Corrected In\n Product Release \n Asterisk Open Source 16.24.1,18.10.1,19.2.1 \n Certified Asterisk 16.8-cert13 \n\n Patches \n Patch URL Revision \n https://downloads.digium.com/pub/security/AST-2022-005-16.diff Asterisk \n 16 \n https://downloads.digium.com/pub/security/AST-2022-005-18.diff Asterisk \n 18 \n https://downloads.digium.com/pub/security/AST-2022-005-19.diff Asterisk \n 19 \n https://downloads.digium.com/pub/security/AST-2022-005-16.8.diff Certified \n Asterisk \n 16.8 \n\nLinks https://issues.asterisk.org/jira/browse/ASTERISK-29945 \n \n https://downloads.asterisk.org/pub/security/AST-2022-005.html \n \n https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62 \n\n Asterisk Project Security Advisories are posted at \n http://www.asterisk.org/security \n \n This document may be superseded by later versions; if so, the latest \n version will be posted at \n https://downloads.digium.com/pub/security/AST-2022-005.pdf and \n https://downloads.digium.com/pub/security/AST-2022-005.html \n\n Revision History\n Date Editor Revisions Made \n March 3, 2022 Kevin Harwell Initial revision \n\n Asterisk Project Security Advisory - AST-2022-005\n Copyright \u00a9 2022 Digium, Inc. All Rights Reserved. \n Permission is hereby granted to distribute and publish this advisory in its\n original, unaltered form",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23608"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006237"
},
{
"db": "VULMON",
"id": "CVE-2022-23608"
},
{
"db": "PACKETSTORM",
"id": "169618"
},
{
"db": "PACKETSTORM",
"id": "169938"
},
{
"db": "PACKETSTORM",
"id": "175025"
},
{
"db": "PACKETSTORM",
"id": "166226"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-23608",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "166226",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006237",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169618",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169938",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.0942",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1414",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022414",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022030601",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1757",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-23608",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175025",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-23608"
},
{
"db": "PACKETSTORM",
"id": "169618"
},
{
"db": "PACKETSTORM",
"id": "169938"
},
{
"db": "PACKETSTORM",
"id": "175025"
},
{
"db": "PACKETSTORM",
"id": "166226"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1757"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006237"
},
{
"db": "NVD",
"id": "CVE-2022-23608"
}
]
},
"id": "VAR-202202-0167",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.348297215
},
"last_update_date": "2025-11-18T12:34:49.883000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PJSIP Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=184333"
},
{
"title": "Debian CVElist Bug Report Logs: ring: CVE-2021-32686 CVE-2021-37706 CVE-2022-21723 CVE-2022-23608 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2022-21722 CVE-2022-24754 CVE-2022-24763 CVE-2022-24764 CVE-2022-24793",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4e89fc7b47aa12e94340b2e2db73b906"
},
{
"title": "Debian Security Advisories: DSA-5285-1 asterisk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=edc2cf0db8c0593c65c4c82227026727"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-23608"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1757"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.0
},
{
"problemtype": "Use of freed memory (CWE-416) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006237"
},
{
"db": "NVD",
"id": "CVE-2022-23608"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/166226/asterisk-project-security-advisory-ast-2022-005.html"
},
{
"trust": 2.6,
"url": "https://github.com/pjsip/pjproject/security/advisories/ghsa-ffff-m5fm-qm62"
},
{
"trust": 2.6,
"url": "https://security.gentoo.org/glsa/202210-37"
},
{
"trust": 2.6,
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"trust": 2.5,
"url": "https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/mar/1"
},
{
"trust": 2.5,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"
},
{
"trust": 2.5,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html"
},
{
"trust": 2.5,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23608"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169618/gentoo-linux-security-advisory-202210-37.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/asterisk-reuse-after-free-via-pjproject-dialog-set-37713"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-23608/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169938/debian-security-advisory-5285-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022414"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022030601"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0942"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1414"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43804"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24764"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21722"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37706"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24763"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24793"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39244"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43845"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21723"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43303"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43302"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24754"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39269"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24792"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31031"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32686"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43299"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46837"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43301"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/jira/browse/asterisk-29017."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43300"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/asterisk"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6422-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ring/20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27585"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23537"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ring/20230206.0~ds1-5ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23547"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-005-18.diff"
},
{
"trust": 0.1,
"url": "https://downloads.asterisk.org/pub/security/ast-2022-005.html"
},
{
"trust": 0.1,
"url": "http://www.asterisk.org/security"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-005-19.diff"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-005.pdf"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/jira/browse/asterisk-29945"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-005.html"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-005-16.diff"
},
{
"trust": 0.1,
"url": "https://downloads.digium.com/pub/security/ast-2022-005-16.8.diff"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-23608"
},
{
"db": "PACKETSTORM",
"id": "169618"
},
{
"db": "PACKETSTORM",
"id": "169938"
},
{
"db": "PACKETSTORM",
"id": "175025"
},
{
"db": "PACKETSTORM",
"id": "166226"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1757"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006237"
},
{
"db": "NVD",
"id": "CVE-2022-23608"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-23608"
},
{
"db": "PACKETSTORM",
"id": "169618"
},
{
"db": "PACKETSTORM",
"id": "169938"
},
{
"db": "PACKETSTORM",
"id": "175025"
},
{
"db": "PACKETSTORM",
"id": "166226"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1757"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006237"
},
{
"db": "NVD",
"id": "CVE-2022-23608"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-22T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23608"
},
{
"date": "2022-11-01T13:21:55",
"db": "PACKETSTORM",
"id": "169618"
},
{
"date": "2022-11-18T14:28:10",
"db": "PACKETSTORM",
"id": "169938"
},
{
"date": "2023-10-10T14:47:37",
"db": "PACKETSTORM",
"id": "175025"
},
{
"date": "2022-03-07T16:28:25",
"db": "PACKETSTORM",
"id": "166226"
},
{
"date": "2022-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1757"
},
{
"date": "2023-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006237"
},
{
"date": "2022-02-22T20:15:07.693000",
"db": "NVD",
"id": "CVE-2022-23608"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23608"
},
{
"date": "2022-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1757"
},
{
"date": "2023-07-03T08:38:00",
"db": "JVNDB",
"id": "JVNDB-2022-006237"
},
{
"date": "2025-11-04T16:15:47.087000",
"db": "NVD",
"id": "CVE-2022-23608"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "175025"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1757"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Teluu\u00a0Ltd.\u00a0 of \u00a0PJSIP\u00a0 Vulnerability related to use of freed memory in products from other vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006237"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1757"
}
],
"trust": 0.6
}
}
VAR-202508-3383
Vulnerability from variot - Updated: 2025-11-18 11:35Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn't being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202508-3383",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "22.5.2"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "21.10.2"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "22.0.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "sangoma",
"version": "21.0.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "sangoma",
"version": "20.15.2"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-57767"
}
]
},
"cve": "CVE-2025-57767",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2025-57767",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "security-advisories@github.com",
"id": "CVE-2025-57767",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-57767"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn\u0027t in a previous 401 response\u0027s WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn\u0027t being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds.",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-57767"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-57767",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-57767"
}
]
},
"id": "VAR-202508-3383",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19659443
},
"last_update_date": "2025-11-18T11:35:39.801000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-253",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-57767"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f"
},
{
"trust": 1.0,
"url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-64qc-9x89-rx5j"
},
{
"trust": 1.0,
"url": "https://github.com/asterisk/asterisk/pull/1407"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-57767"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-57767"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-28T16:15:35.410000",
"db": "NVD",
"id": "CVE-2025-57767"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-20T17:51:12.860000",
"db": "NVD",
"id": "CVE-2025-57767"
}
]
}
}
VAR-202412-0224
Vulnerability from variot - Updated: 2025-09-20 23:21An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202412-0224",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027876"
}
]
},
"cve": "CVE-2024-53566",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-53566",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-027876",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-53566",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2024-027876",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027876"
},
{
"db": "NVD",
"id": "CVE-2024-53566"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-53566"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-027876"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-53566",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-027876",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027876"
},
{
"db": "NVD",
"id": "CVE-2024-53566"
}
]
},
"id": "VAR-202412-0224",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19659443
},
"last_update_date": "2025-09-20T23:21:33.662000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027876"
},
{
"db": "NVD",
"id": "CVE-2024-53566"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://gist.github.com/hyp164d1/e7c0f44ffb38c00320aa1a6d98bee616"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/blob/22/main/manager.c#l2556"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00003.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-53566"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027876"
},
{
"db": "NVD",
"id": "CVE-2024-53566"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027876"
},
{
"db": "NVD",
"id": "CVE-2024-53566"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-027876"
},
{
"date": "2024-12-02T18:15:11.500000",
"db": "NVD",
"id": "CVE-2024-53566"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-18T08:36:00",
"db": "JVNDB",
"id": "JVNDB-2024-027876"
},
{
"date": "2025-02-06T02:15:10.167000",
"db": "NVD",
"id": "CVE-2024-53566"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sangoma\u00a0 of \u00a0Asterisk\u00a0 Path traversal vulnerabilities in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027876"
}
],
"trust": 0.8
}
}
VAR-202405-3659
Vulnerability from variot - Updated: 2025-09-01 23:43Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1. Sangoma of Asterisk contains vulnerabilities related to improper implementation of authentication algorithms, vulnerabilities related to the use of operators, and vulnerabilities related to improper implementation of control flow.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202405-3659",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "eq",
"trust": 1.8,
"vendor": "sangoma",
"version": "21.3.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.8,
"vendor": "sangoma",
"version": "20.8.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.8,
"vendor": "sangoma",
"version": "18.23.0"
},
{
"model": "asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "sangoma",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027548"
},
{
"db": "NVD",
"id": "CVE-2024-35190"
}
]
},
"cve": "CVE-2024-35190",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2024-35190",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2024-35190",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2024-35190",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "security-advisories@github.com",
"id": "CVE-2024-35190",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-35190",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-35190",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027548"
},
{
"db": "NVD",
"id": "CVE-2024-35190"
},
{
"db": "NVD",
"id": "CVE-2024-35190"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1. Sangoma of Asterisk contains vulnerabilities related to improper implementation of authentication algorithms, vulnerabilities related to the use of operators, and vulnerabilities related to improper implementation of control flow.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-35190"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-027548"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-35190",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-027548",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027548"
},
{
"db": "NVD",
"id": "CVE-2024-35190"
}
]
},
"id": "VAR-202405-3659",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19659443
},
"last_update_date": "2025-09-01T23:43:00.102000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-480",
"trust": 1.0
},
{
"problemtype": "CWE-303",
"trust": 1.0
},
{
"problemtype": "CWE-670",
"trust": 1.0
},
{
"problemtype": "Improper implementation of authentication algorithms (CWE-303) [ others ]",
"trust": 0.8
},
{
"problemtype": " Incorrect operator usage (CWE-480) [ others ]",
"trust": 0.8
},
{
"problemtype": " Consistently bad control flow implementation (CWE-670) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027548"
},
{
"db": "NVD",
"id": "CVE-2024-35190"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/pull/600"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/pull/602"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-qqxj-v78h-hrf9"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-35190"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027548"
},
{
"db": "NVD",
"id": "CVE-2024-35190"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027548"
},
{
"db": "NVD",
"id": "CVE-2024-35190"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-027548"
},
{
"date": "2024-05-17T17:15:07.067000",
"db": "NVD",
"id": "CVE-2024-35190"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-27T07:17:00",
"db": "JVNDB",
"id": "JVNDB-2024-027548"
},
{
"date": "2025-08-26T16:19:01.210000",
"db": "NVD",
"id": "CVE-2024-35190"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sangoma\u00a0 of \u00a0Asterisk\u00a0 Vulnerability related to improper implementation of authentication algorithms in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027548"
}
],
"trust": 0.8
}
}