1. CVE-Search
  2. CVE-2022-42705
ID CVE-2022-42705
Summary A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.
References
Vulnerable Configurations
  • cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*
    cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*
  • cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*
    cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*
  • cpe:2.3:a:sangoma:asterisk:16.5.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:sangoma:asterisk:16.5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:sangoma:asterisk:16.6.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:sangoma:asterisk:16.6.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:sangoma:asterisk:16.7.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:sangoma:asterisk:16.7.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:sangoma:asterisk:16.8.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:sangoma:asterisk:16.8.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:sangoma:asterisk:16.9.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:sangoma:asterisk:16.9.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:sangoma:asterisk:16.10.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:sangoma:asterisk:16.10.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:sangoma:asterisk:16.11.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:sangoma:asterisk:16.11.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:sangoma:asterisk:16.12.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:sangoma:asterisk:16.12.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:sangoma:asterisk:16.14.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:sangoma:asterisk:16.14.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:sangoma:asterisk:16.15.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:sangoma:asterisk:16.15.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:sangoma:asterisk:16.16.0:-:*:*:*:*:*:*
    cpe:2.3:a:sangoma:asterisk:16.16.0:-:*:*:*:*:*:*
  • cpe:2.3:a:sangoma:asterisk:16.16.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:sangoma:asterisk:16.16.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:sangoma:asterisk:16.16.1:-:*:*:*:*:*:*
    cpe:2.3:a:sangoma:asterisk:16.16.1:-:*:*:*:*:*:*
  • cpe:2.3:a:sangoma:asterisk:20.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:sangoma:asterisk:20.0.0:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 24-02-2023 - 00:15
Published 05-12-2022 - 21:15
Last modified 24-02-2023 - 00:15
Back to Top