Published: 14/12/2023 Updated: 29/12/2023

CVSS v3 Base Score: 8.2 | Impact Score: 4.2 | Exploitability Score: 3.9

VMScore: 0

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sangoma certified asterisk 18.9
sangoma certified asterisk 13.13.0
sangoma certified asterisk 16.8.0
digium asterisk 21.0.0
digium asterisk

Debian Bug report logs - #1059303 asterisk: CVE-2023-37457 CVE-2023-38703 Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 22 Dec 2023 13:30:01 UTC Severity: grave Tags: security, upstream ...

CWE-120 https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-37457

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect