| Name | CVE-2025-57767 |
| Description | Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn't being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 1112470 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| asterisk (PTS) | bullseye | 1:16.28.0~dfsg-0+deb11u4 | fixed |
| bullseye (security) | 1:16.28.0~dfsg-0+deb11u8 | fixed | |
| sid | 1:22.5.2~dfsg+~cs6.15.60671435-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| asterisk | source | bullseye | (not affected) | |||
| asterisk | source | (unstable) | 1:22.5.2~dfsg+~cs6.15.60671435-1 | 1112470 |
[bullseye] - asterisk <not-affected> (The vulnerable code was introduced later)
https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j
https://github.com/asterisk/asterisk/pull/1407
Fixed by: https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f