CVE-2022-37325
Debian Security Advisory 5358-1
- Severity Score: 7.5 (CVSS v3.1)
- Exploit Likelihood (EPSS)
- Affected Versions (CPE)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.
Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for launching a denial of service attack or the execution of arbitrary code.
Credits: N/A
Timeline
- 2022-08-01 CVE Reserved
- 2022-12-05 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
References (3)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html | Mailing List | |

URL | Date | SRC |
---|---|---|
https://downloads.asterisk.org/pub/security/AST-2022-007.html | 2023-02-24 | |
https://www.debian.org/security/2023/dsa-5358 | 2023-02-24 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sangoma | Asterisk | >= 16.0.0 < 16.29.1 | - | Affected |
Sangoma | Asterisk | >= 18.0.0 < 18.15.1 | - | Affected |
Sangoma | Asterisk | >= 19.0.0 < 19.7.1 | - | Affected |
Sangoma | Asterisk | 20.0.0 | - | Affected |