In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.
References
Link | Resource |
---|---|
https://downloads.asterisk.org/pub/security/AST-2022-007.html | Mitigation Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html | |
https://www.debian.org/security/2023/dsa-5358 |
Configurations
Configuration 1 (hide)
|
History
24 Feb 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Feb 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Dec 2022, 17:27
Type | Values Removed | Values Added |
---|---|---|
First Time |
Sangoma
Sangoma asterisk |
|
CWE | CWE-787 | |
CPE | cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:* cpe:2.3:a:sangoma:asterisk:20.0.0:*:*:*:*:*:*:* |
|
References | (MISC) https://downloads.asterisk.org/pub/security/AST-2022-007.html - Mitigation, Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
05 Dec 2022, 23:40
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-05 21:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-37325
Mitre link : CVE-2022-37325
CVE.ORG link : CVE-2022-37325
JSON object : View
Products Affected
sangoma
- asterisk
CWE
CWE-787
Out-of-bounds Write