CVE-2023-37457

NameCVE-2023-37457
DescriptionAsterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3696-1, DSA-5596-1
Debian Bugs1059303

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
asterisk (PTS)bullseye (security), bullseye1:16.28.0~dfsg-0+deb11u4fixed
sid1:20.8.1~dfsg+~cs6.14.40431414-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
asterisksourcebuster1:16.28.0~dfsg-0+deb10u4DLA-3696-1
asterisksourcebullseye1:16.28.0~dfsg-0+deb11u4DSA-5596-1
asterisksource(unstable)1:20.8.1~dfsg+~cs6.14.40431414-11059303

Notes

https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh
https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa
Search for package or bug name: Reporting problems