CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 5CVE-2023-49786 – Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation
https://notcve.org/view.php?id=CVE-2023-49786
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6. • http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html http://seclists.org/fulldisclosure/2023/Dec/24 http://www.openwall.com/lists/oss-security/2023/12/15/7 https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05 https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 8.2EPSS: 0%CPEs: 31EXPL: 0CVE-2023-37457 – Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'
https://notcve.org/view.php?id=CVE-2023-37457
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. • https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2023-49294 – Asterisk Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2023-49294
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. Asterisk es un conjunto de herramientas de telefonía y centralita privada de código abierto. • https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757 https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5 https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2021-46837
https://notcve.org/view.php?id=CVE-2021-46837
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation. La función res_pjsip_t38 en Sangoma Asterisk versiones 16.x anteriores a 16.16.2, 17.x anteriores a 17.9.3, y 18.x anteriores a 18.2.2, y Certified Asterisk anteriores a 16.8-cert7, permite a un atacante desencadenar un fallo mediante el envío de una línea m=image y un puerto cero en una respuesta a una Re invitación T.38 iniciada por Asterisk. Se trata de una reaparición de los síntomas de la CVE-2019-15297 pero no exactamente por el mismo motivo. • https://downloads.asterisk.org/pub/security/AST-2021-006.html https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html https://www.debian.org/security/2022/dsa-5285 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 4%CPEs: 5EXPL: 0CVE-2022-26498 – Shannon Baseband chatroom SDP Attribute Memory Corruption
https://notcve.org/view.php?id=CVE-2022-26498
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2. Se ha detectado un problema en Asterisk versiones hasta 19.x. • http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html https://downloads.asterisk.org/pub/security https://downloads.asterisk.org/pub/security/AST-2022-001.html https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html https://www.debian.org/security/2022/dsa-5285 • CWE-400: Uncontrolled Resource Consumption •