CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2022-42706
https://notcve.org/view.php?id=CVE-2022-42706
An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal. Se descubrió un problema en Sangoma Asterisk hasta 16.28, 17 y 18 hasta 18.14, 19 hasta 19.6 y se certificó hasta 18.9-cert1. GetConfig, a través de la interfaz de Asterisk Manager, permite que una aplicación conectada acceda a archivos fuera del directorio de configuración de Asterisk, aka como Directory Traversal. • https://downloads.asterisk.org/pub/security/AST-2022-009.html https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html https://www.debian.org/security/2023/dsa-5358 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 19EXPL: 0CVE-2022-23608 – Use after free in PJSIP
https://notcve.org/view.php?id=CVE-2022-23608
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue. • http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html http://seclists.org/fulldisclosure/2022/Mar/1 https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62 https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html https:/ • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 20EXPL: 0CVE-2021-37706 – Potential integer underflow upon receiving STUN message in PJSIP
https://notcve.org/view.php?id=CVE-2021-37706
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. • http://packetstormsecurity.com/files/166225/Asterisk-Project-Security-Advisory-AST-2022-004.html http://seclists.org/fulldisclosure/2022/Mar/0 https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865 https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984 https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html https:/ • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-28242
https://notcve.org/view.php?id=CVE-2020-28242
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. Se detectó un problema en Asterisk Open Source versiones 13.x anteriores a 13.37.1, versiones 16.x anteriores a 16.14.1, versiones 17.x anteriores a 17.8.1 y versiones 18.x anteriores a 18.0.1 y Certified Asterisk versiones anteriores a 16.8-cert5. • http://downloads.asterisk.org/pub/security/AST-2020-002.html https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUS54QTQCYKR36EIULYD544GXDA644HB • CWE-674: Uncontrolled Recursion •
CVSS: 5.3EPSS: 0%CPEs: 217EXPL: 0CVE-2019-13161
https://notcve.org/view.php?id=CVE-2019-13161
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration). Se detectó un problema en Asterisk Open Source hasta versiones 13.27.0, 14.x y 15.x hasta 15.7.2, y versiones 16.x hasta 16.4.0, y Certified Asterisk hasta versión 13.21-cert3. • http://downloads.digium.com/pub/security/AST-2019-003.html https://issues.asterisk.org/jira/browse/ASTERISK-28465 https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html • CWE-476: NULL Pointer Dereference •