Lucene search
PRIOn knowledge basePRION:CVE-2023-37457HistoryDec 14, 2023 - 8:15 p.m.
Design/Logic Flaw
2023-12-1420:15:00
PRIOn knowledge base
www.prio-n.com
8
asterisk
logic flaw
buffer overflow
memory corruption
crash
pjsip_header
vulnerability
patch available
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the ‘update’ functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the ‘update’ functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
Related
nvd
nvd
CVE-2023-37457
2023-12-14 20:15:52
osv
osv
CVE-2023-37457
2023-12-14 20:15:52
asterisk - security update
2023-12-28 00:00:00
asterisk - security update
2024-01-04 00:00:00
cnvd
cnvd
Asterisk Buffer Overflow Vulnerability (CNVD-2023-9903086)
2023-12-18 00:00:00
debiancve
debiancve
CVE-2023-37457
2023-12-14 20:15:52
cvelist
cvelist
veracode
veracode
Buffer Overflow
2024-01-13 17:28:17
alpinelinux
alpinelinux
CVE-2023-37457
2023-12-14 20:15:52
ubuntucve
ubuntucve
CVE-2023-37457
2023-12-14 00:00:00
cve
cve
CVE-2023-37457
2023-12-14 20:15:52
openvas
openvas
Asterisk Multiple Vulnerabilities (Dec 2023)
2023-12-15 00:00:00
Debian: Security Advisory (DSA-5596-1)
2024-01-12 00:00:00
Debian: Security Advisory (DLA-3696-1)
2024-01-12 00:00:00
debian
debian
[SECURITY] [DSA 5596-1] asterisk security update
2024-01-04 21:39:15
[SECURITY] [DLA 3696-1] asterisk security update
2023-12-28 23:01:50