CVE-2023-37457

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa	Patch
https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh	Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:digium:asterisk::::::::
	cpe:2.3:a:digium:asterisk::::::::
	cpe:2.3:a:digium:asterisk:21.0.0:::::::*
	cpe:2.3:a:sangoma:certified_asterisk:13.13.0:::::::*
	cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1::::::
	cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1::::::
	cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2::::::
	cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3::::::
	cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4::::::
	cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2::::::
	cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3::::::
	cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1::::::
	cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2::::::
	cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-::::::
	cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1::::::
	cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10::::::
	cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11::::::
	cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12::::::
	cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2::::::
	cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3::::::
	cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4::::::
	cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5::::::
	cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6::::::
	cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7::::::
	cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8::::::
	cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9::::::
	cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1::::::
	cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2::::::
	cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3::::::
	cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4::::::
	cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5::::::

History

No history.

Information

Published : 2023-12-14 20:15

Updated : 2023-12-29 00:15

NVD link : CVE-2023-37457

Mitre link : CVE-2023-37457

CVE.ORG link : CVE-2023-37457

JSON object : View

Products Affected

digium

asterisk

sangoma

certified_asterisk

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2023-37457", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-14T20:15:52.260", "references": [{"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html", "source": "security-advisories@github.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."}, {"lang": "es", "value": "Asterisk es un conjunto de herramientas de telefon\u00eda y centralita privada de c\u00f3digo abierto. En las versiones de Asterisk 18.20.0 y anteriores, 20.5.0 y anteriores y 21.0.0; as\u00ed como ceritifed-asterisk 18.9-cert5 y anteriores, la funcionalidad de 'actualizaci\u00f3n' de la funci\u00f3n de dialplan PJSIP_HEADER puede exceder el espacio de b\u00fafer disponible para almacenar el nuevo valor de un encabezado. Al hacerlo, esto puede sobrescribir la memoria o provocar un bloqueo. Esto no se puede explotar externamente, a menos que el dialplan est\u00e9 escrito expl\u00edcitamente para actualizar un encabezado en funci\u00f3n de datos de una fuente externa. Si no se utiliza la funcionalidad de 'actualizaci\u00f3n', la vulnerabilidad no se produce. Hay un parche disponible en el commit a1ca0268254374b515fa5992f01340f7717113fa."}], "lastModified": "2023-12-29T00:15:49.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AD913C8-79A0-4FE9-9BBD-52BD3260AB2F", "versionEndIncluding": "18.20.0"}, {"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA2E162A-E994-4F25-AE13-D7C889394AC4", "versionEndIncluding": "20.5.0", "versionStartIncluding": "19.0.0"}, {"criteria": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3E690E3-3E92-42ED-87DD-1C6B838A3FF9"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AFE2011-05AA-45A6-A561-65C6C664DA7B"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1117AA4-CE6B-479B-9995-A9F71C430663"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "775041BD-5C86-42B6-8B34-E1D5171B3D87"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55EC2877-2FF5-4777-B118-E764A94BCE56"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB0392C9-A5E9-4D71-8B8D-63FB96E055A5"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09AF962D-D4BB-40BA-B435-A59E4402931C"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "559D1063-7F37-44F8-B5C6-94758B675FDF"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "185B2B4B-B246-4379-906B-9BDA7CDD4400"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73D3592D-3CE5-4462-9FE8-4BCB54E74B5B"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EAD713A-CBA2-40C3-9DE3-5366827F18C7"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9B96A53-2263-463C-9CCA-0F29865FE500"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A53049F1-8551-453E-834A-68826A7AA959"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B224A4E9-4B6B-4187-B0D6-E4BAE2637960"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9501DBFF-516D-4F26-BBF6-1B453EE2A630"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D3E9AC0-C0B4-4E87-8D48-2B688D28B678"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E27A6FD1-9321-4C9E-B32B-D6330CD3DC92"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C75A21E-5D05-434B-93DE-8DAC4DD3E587"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D725758-C9F5-4DB2-8C45-CC052518D3FD"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79EEB5E5-B79E-454B-8DCD-3272BA337A9E"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "892BAE5D-A64E-4FE0-9A99-8C07F342A042"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A716A45-7075-4CA6-9EF5-2DD088248A5C"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80EFA05B-E22D-49CE-BDD6-5C7123F1C12B"}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20FD475F-2B46-47C9-B535-1561E29CB7A1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}

8.2 /10