cve-2023-37457
Vulnerability from cvelistv5
Published
2023-12-14 19:43
Modified
2025-02-13 17:01
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
References
security-advisories@github.comhttps://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113faPatch
security-advisories@github.comhttps://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hhVendor Advisory
security-advisories@github.comhttps://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
af854a3a-2127-422b-91ae-364da2661108https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113faPatch
af854a3a-2127-422b-91ae-364da2661108https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hhVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
Impacted products
Vendor Product Version
asterisk asterisk Version: <= 18.20.0
Version: >= 19.0.0, <= 20.5.0
Version: = 21.0.0
Version: <= 18.9-cert5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T17:16:30.273Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
               },
               {
                  name: "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "asterisk",
               vendor: "asterisk",
               versions: [
                  {
                     status: "affected",
                     version: "<= 18.20.0",
                  },
                  {
                     status: "affected",
                     version: ">= 19.0.0, <= 20.5.0",
                  },
                  {
                     status: "affected",
                     version: "= 21.0.0",
                  },
                  {
                     status: "affected",
                     version: "<= 18.9-cert5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-120",
                     description: "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-12-29T00:06:20.393Z",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               name: "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
            },
            {
               name: "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html",
            },
         ],
         source: {
            advisory: "GHSA-98rc-4j27-74hh",
            discovery: "UNKNOWN",
         },
         title: "Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'",
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2023-37457",
      datePublished: "2023-12-14T19:43:30.945Z",
      dateReserved: "2023-07-06T13:01:36.996Z",
      dateUpdated: "2025-02-13T17:01:26.636Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2023-37457\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-12-14T20:15:52.260\",\"lastModified\":\"2024-11-21T08:11:44.807\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.\"},{\"lang\":\"es\",\"value\":\"Asterisk es un conjunto de herramientas de telefonía y centralita privada de código abierto. En las versiones de Asterisk 18.20.0 y anteriores, 20.5.0 y anteriores y 21.0.0; así como ceritifed-asterisk 18.9-cert5 y anteriores, la funcionalidad de 'actualización' de la función de dialplan PJSIP_HEADER puede exceder el espacio de búfer disponible para almacenar el nuevo valor de un encabezado. Al hacerlo, esto puede sobrescribir la memoria o provocar un bloqueo. Esto no se puede explotar externamente, a menos que el dialplan esté escrito explícitamente para actualizar un encabezado en función de datos de una fuente externa. Si no se utiliza la funcionalidad de 'actualización', la vulnerabilidad no se produce. Hay un parche disponible en el commit a1ca0268254374b515fa5992f01340f7717113fa.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"18.20.0\",\"matchCriteriaId\":\"2AD913C8-79A0-4FE9-9BBD-52BD3260AB2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.0.0\",\"versionEndIncluding\":\"20.5.0\",\"matchCriteriaId\":\"DA2E162A-E994-4F25-AE13-D7C889394AC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3E690E3-3E92-42ED-87DD-1C6B838A3FF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AFE2011-05AA-45A6-A561-65C6C664DA7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1117AA4-CE6B-479B-9995-A9F71C430663\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"775041BD-5C86-42B6-8B34-E1D5171B3D87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"55EC2877-2FF5-4777-B118-E764A94BCE56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB0392C9-A5E9-4D71-8B8D-63FB96E055A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"09AF962D-D4BB-40BA-B435-A59E4402931C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*\",\"matchCriteriaId\":\"559D1063-7F37-44F8-B5C6-94758B675FDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*\",\"matchCriteriaId\":\"185B2B4B-B246-4379-906B-9BDA7CDD4400\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"73D3592D-3CE5-4462-9FE8-4BCB54E74B5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EAD713A-CBA2-40C3-9DE3-5366827F18C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9B96A53-2263-463C-9CCA-0F29865FE500\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*\",\"matchCriteriaId\":\"A53049F1-8551-453E-834A-68826A7AA959\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*\",\"matchCriteriaId\":\"B224A4E9-4B6B-4187-B0D6-E4BAE2637960\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9501DBFF-516D-4F26-BBF6-1B453EE2A630\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D3E9AC0-C0B4-4E87-8D48-2B688D28B678\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*\",\"matchCriteriaId\":\"E27A6FD1-9321-4C9E-B32B-D6330CD3DC92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C75A21E-5D05-434B-93DE-8DAC4DD3E587\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D725758-C9F5-4DB2-8C45-CC052518D3FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*\",\"matchCriteriaId\":\"79EEB5E5-B79E-454B-8DCD-3272BA337A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*\",\"matchCriteriaId\":\"892BAE5D-A64E-4FE0-9A99-8C07F342A042\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A716A45-7075-4CA6-9EF5-2DD088248A5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*\",\"matchCriteriaId\":\"80EFA05B-E22D-49CE-BDD6-5C7123F1C12B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*\",\"matchCriteriaId\":\"20FD475F-2B46-47C9-B535-1561E29CB7A1\"}]}]}],\"references\":[{\"url\":\"https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.