Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2023-37457

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.

  • Published: Dec 14, 2023
  • Updated: Dec 21, 2023
  • CVE: CVE-2023-37457
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.2
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWEs:

Software From Fixed in
sangoma / certified_asterisk 18.9-cert2 18.9-cert2.x
sangoma / certified_asterisk 18.9-cert1 18.9-cert1.x
sangoma / certified_asterisk 18.9-cert3 18.9-cert3.x
sangoma / certified_asterisk 18.9-cert4 18.9-cert4.x
sangoma / certified_asterisk 18.9-cert5 18.9-cert5.x
sangoma / certified_asterisk 13.13.0 13.13.0.x
sangoma / certified_asterisk 13.13.0-cert1 13.13.0-cert1.x
sangoma / certified_asterisk 13.13.0-cert1-rc1 13.13.0-cert1-rc1.x
sangoma / certified_asterisk 13.13.0-cert1-rc2 13.13.0-cert1-rc2.x
sangoma / certified_asterisk 13.13.0-cert1-rc3 13.13.0-cert1-rc3.x
sangoma / certified_asterisk 13.13.0-cert1-rc4 13.13.0-cert1-rc4.x
sangoma / certified_asterisk 13.13.0-cert2 13.13.0-cert2.x
sangoma / certified_asterisk 13.13.0-cert3 13.13.0-cert3.x
sangoma / certified_asterisk 13.13.0-rc1 13.13.0-rc1.x
sangoma / certified_asterisk 13.13.0-rc2 13.13.0-rc2.x
sangoma / certified_asterisk 16.8.0 16.8.0.x
sangoma / certified_asterisk 16.8.0-cert1 16.8.0-cert1.x
sangoma / certified_asterisk 16.8.0-cert10 16.8.0-cert10.x
sangoma / certified_asterisk 16.8.0-cert11 16.8.0-cert11.x
sangoma / certified_asterisk 16.8.0-cert12 16.8.0-cert12.x
sangoma / certified_asterisk 16.8.0-cert2 16.8.0-cert2.x
sangoma / certified_asterisk 16.8.0-cert3 16.8.0-cert3.x
sangoma / certified_asterisk 16.8.0-cert4 16.8.0-cert4.x
sangoma / certified_asterisk 16.8.0-cert5 16.8.0-cert5.x
sangoma / certified_asterisk 16.8.0-cert6 16.8.0-cert6.x
sangoma / certified_asterisk 16.8.0-cert7 16.8.0-cert7.x
sangoma / certified_asterisk 16.8.0-cert8 16.8.0-cert8.x
sangoma / certified_asterisk 16.8.0-cert9 16.8.0-cert9.x
digium / asterisk 21.0.0 21.0.0.x
digium / asterisk 19.0.0 20.5.0.x
digium / asterisk - 18.20.0.x