// For flags

CVE-2022-37325

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.

En Sangoma Asterisk hasta 16.28.0, 17.x y 18.x hasta 18.14.0, y 19.x hasta 19.6.0, un mensaje de configuraciĆ³n entrante a addons/ooh323c/src/ooq931.c con una persona que llama o una persona llamada con formato incorrecto IE puede provocar un bloqueo.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-08-01 CVE Reserved
  • 2022-12-05 CVE Published
  • 2024-07-26 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sangoma
Search vendor "Sangoma"
Asterisk
Search vendor "Sangoma" for product "Asterisk"
>= 16.0.0 < 16.29.1
Search vendor "Sangoma" for product "Asterisk" and version " >= 16.0.0 < 16.29.1"
-
Affected
Sangoma
Search vendor "Sangoma"
Asterisk
Search vendor "Sangoma" for product "Asterisk"
>= 18.0.0 < 18.15.1
Search vendor "Sangoma" for product "Asterisk" and version " >= 18.0.0 < 18.15.1"
-
Affected
Sangoma
Search vendor "Sangoma"
Asterisk
Search vendor "Sangoma" for product "Asterisk"
>= 19.0.0 < 19.7.1
Search vendor "Sangoma" for product "Asterisk" and version " >= 19.0.0 < 19.7.1"
-
Affected
Sangoma
Search vendor "Sangoma"
Asterisk
Search vendor "Sangoma" for product "Asterisk"
20.0.0
Search vendor "Sangoma" for product "Asterisk" and version "20.0.0"
-
Affected