// For flags

CVE-2023-37457

Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'

Severity Score

8.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.

Asterisk es un conjunto de herramientas de telefonía y centralita privada de código abierto. En las versiones de Asterisk 18.20.0 y anteriores, 20.5.0 y anteriores y 21.0.0; así como ceritifed-asterisk 18.9-cert5 y anteriores, la funcionalidad de 'actualización' de la función de dialplan PJSIP_HEADER puede exceder el espacio de búfer disponible para almacenar el nuevo valor de un encabezado. Al hacerlo, esto puede sobrescribir la memoria o provocar un bloqueo. Esto no se puede explotar externamente, a menos que el dialplan esté escrito explícitamente para actualizar un encabezado en función de datos de una fuente externa. Si no se utiliza la funcionalidad de 'actualización', la vulnerabilidad no se produce. Hay un parche disponible en el commit a1ca0268254374b515fa5992f01340f7717113fa.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-07-06 CVE Reserved
  • 2023-12-14 CVE Published
  • 2023-12-29 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Digium
Search vendor "Digium"
Asterisk
Search vendor "Digium" for product "Asterisk"
<= 18.20.0
Search vendor "Digium" for product "Asterisk" and version " <= 18.20.0"
-
Affected
Digium
Search vendor "Digium"
Asterisk
Search vendor "Digium" for product "Asterisk"
>= 19.0.0 <= 20.5.0
Search vendor "Digium" for product "Asterisk" and version " >= 19.0.0 <= 20.5.0"
-
Affected
Digium
Search vendor "Digium"
Asterisk
Search vendor "Digium" for product "Asterisk"
21.0.0
Search vendor "Digium" for product "Asterisk" and version "21.0.0"
-
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
13.13.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "13.13.0"
-
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
13.13.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "13.13.0"
cert1
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
13.13.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "13.13.0"
cert1-rc1
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
13.13.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "13.13.0"
cert1-rc2
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
13.13.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "13.13.0"
cert1-rc3
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
13.13.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "13.13.0"
cert1-rc4
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
13.13.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "13.13.0"
cert2
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
13.13.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "13.13.0"
cert3
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
13.13.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "13.13.0"
rc1
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
13.13.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "13.13.0"
rc2
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
16.8.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "16.8.0"
-
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
16.8.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "16.8.0"
cert1
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
16.8.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "16.8.0"
cert10
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
16.8.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "16.8.0"
cert11
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
16.8.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "16.8.0"
cert12
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
16.8.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "16.8.0"
cert2
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
16.8.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "16.8.0"
cert3
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
16.8.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "16.8.0"
cert4
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
16.8.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "16.8.0"
cert5
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
16.8.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "16.8.0"
cert6
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
16.8.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "16.8.0"
cert7
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
16.8.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "16.8.0"
cert8
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
16.8.0
Search vendor "Sangoma" for product "Certified Asterisk" and version "16.8.0"
cert9
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
18.9
Search vendor "Sangoma" for product "Certified Asterisk" and version "18.9"
cert1
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
18.9
Search vendor "Sangoma" for product "Certified Asterisk" and version "18.9"
cert2
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
18.9
Search vendor "Sangoma" for product "Certified Asterisk" and version "18.9"
cert3
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
18.9
Search vendor "Sangoma" for product "Certified Asterisk" and version "18.9"
cert4
Affected
Sangoma
Search vendor "Sangoma"
Certified Asterisk
Search vendor "Sangoma" for product "Certified Asterisk"
18.9
Search vendor "Sangoma" for product "Certified Asterisk" and version "18.9"
cert5
Affected