CVE-2023-37457

Published: Dic 14, 2023 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2023-41357 Aliases: GSD-2023-37457
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high

Description

AI Translation Available

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0005
Percentile
0,1th
Updated

EPSS Score Trend (Last 90 Days)

120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Modify Memory Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu)
Applicable Platforms
Languages: Assembly, C, C++, Memory-Unsafe
Likelihood of Exploit: High
View CWE Details
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 13.13.0
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 13.13.0
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 18.9
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 16.8.0
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 16.8.0
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 16.8.0
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 18.9
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Asterisk by Digium

Product Information
Vendor Digium
Product Asterisk
Version Range Affected
To 18.20.0 (inclusive)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 13.13.0
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 16.8.0
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 13.13.0
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 13.13.0
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 13.13.0
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 13.13.0
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 18.9
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 18.9
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 18.9
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 16.8.0
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 16.8.0
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 16.8.0
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 16.8.0
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 16.8.0
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 13.13.0
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 16.8.0
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 16.8.0
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 13.13.0
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Asterisk by Digium

Product Information
Vendor Digium
Product Asterisk
Version 21.0.0
cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Asterisk by Digium

Product Information
Vendor Digium
Product Asterisk
Version Range Affected
From 19.0.0 (inclusive)
To 20.5.0 (inclusive)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 16.8.0
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 13.13.0
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Certified Asterisk by Sangoma

Product Information
Vendor Sangoma
Product Certified Asterisk
Version 16.8.0
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/asterisk/asterisk/commit/a1ca0268254374b…
Patch
https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717…
https://github.com/asterisk/asterisk/security/advisories/GH…
Vendor Advisory
https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh
https://lists.debian.org/debian-lts-announce/2023/12/msg000…
https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
https://github.com/asterisk/asterisk/commit/a1ca0268254374b…
Patch
https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717…
https://github.com/asterisk/asterisk/security/advisories/GH…
Vendor Advisory
https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh
https://lists.debian.org/debian-lts-announce/2023/12/msg000…
https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html