// For flags

CVE-2022-42705

 

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.

Un use after free en res_pjsip_pubsub.c en Sangoma Asterisk 16.28, 18.14, 19.6 y certificado/18.9-cert2 puede permitir que un atacante remoto autenticado bloquee Asterisk (denegación de servicio) al realizar actividad en una suscripción a través de un transporte confiable en al mismo tiempo que Asterisk también realiza actividad en esa suscripción.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-10-10 CVE Reserved
  • 2022-12-05 CVE Published
  • 2024-07-26 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-416: Use After Free
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sangoma
Search vendor "Sangoma"
Asterisk
Search vendor "Sangoma" for product "Asterisk"
>= 16.0.0 < 16.29.1
Search vendor "Sangoma" for product "Asterisk" and version " >= 16.0.0 < 16.29.1"
-
Affected
Sangoma
Search vendor "Sangoma"
Asterisk
Search vendor "Sangoma" for product "Asterisk"
>= 18.14.0 < 18.15.1
Search vendor "Sangoma" for product "Asterisk" and version " >= 18.14.0 < 18.15.1"
-
Affected
Sangoma
Search vendor "Sangoma"
Asterisk
Search vendor "Sangoma" for product "Asterisk"
>= 19.6.0 < 19.7.1
Search vendor "Sangoma" for product "Asterisk" and version " >= 19.6.0 < 19.7.1"
-
Affected
Sangoma
Search vendor "Sangoma"
Asterisk
Search vendor "Sangoma" for product "Asterisk"
20.0.0
Search vendor "Sangoma" for product "Asterisk" and version "20.0.0"
-
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
18.9
Search vendor "Sangoma" for product "Certified Asterisk" and version "18.9"
cert2
Affected