{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-37457", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-07-06T13:01:36.996Z", "datePublished": "2023-12-14T19:43:30.945Z", "dateUpdated": "2023-12-14T19:43:30.945Z"}, "containers": {"cna": {"title": "Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'", "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "lang": "en", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"}, {"name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa", "tags": ["x_refsource_MISC"], "url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"}], "affected": [{"vendor": "asterisk", "product": "asterisk", "versions": [{"version": "<= 18.20.0", "status": "affected"}, {"version": ">= 19.0.0, <= 20.5.0", "status": "affected"}, {"version": "= 21.0.0", "status": "affected"}, {"version": " <= 18.9-cert5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-14T19:43:30.945Z"}, "descriptions": [{"lang": "en", "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."}], "source": {"advisory": "GHSA-98rc-4j27-74hh", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AD913C8-79A0-4FE9-9BBD-52BD3260AB2F", "versionEndIncluding": "18.20.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA2E162A-E994-4F25-AE13-D7C889394AC4", "versionEndIncluding": "20.5.0", "versionStartIncluding": "19.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3E690E3-3E92-42ED-87DD-1C6B838A3FF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AFE2011-05AA-45A6-A561-65C6C664DA7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*", "matchCriteriaId": "C1117AA4-CE6B-479B-9995-A9F71C430663", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*", "matchCriteriaId": "775041BD-5C86-42B6-8B34-E1D5171B3D87", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*", "matchCriteriaId": "55EC2877-2FF5-4777-B118-E764A94BCE56", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*", "matchCriteriaId": "EB0392C9-A5E9-4D71-8B8D-63FB96E055A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*", "matchCriteriaId": "09AF962D-D4BB-40BA-B435-A59E4402931C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*", "matchCriteriaId": "559D1063-7F37-44F8-B5C6-94758B675FDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*", "matchCriteriaId": "185B2B4B-B246-4379-906B-9BDA7CDD4400", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "73D3592D-3CE5-4462-9FE8-4BCB54E74B5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*", "matchCriteriaId": "1EAD713A-CBA2-40C3-9DE3-5366827F18C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*", "matchCriteriaId": "A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*", "matchCriteriaId": "F9B96A53-2263-463C-9CCA-0F29865FE500", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*", "matchCriteriaId": "A53049F1-8551-453E-834A-68826A7AA959", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*", "matchCriteriaId": "B224A4E9-4B6B-4187-B0D6-E4BAE2637960", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*", "matchCriteriaId": "9501DBFF-516D-4F26-BBF6-1B453EE2A630", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*", "matchCriteriaId": "9D3E9AC0-C0B4-4E87-8D48-2B688D28B678", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*", "matchCriteriaId": "1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*", "matchCriteriaId": "E27A6FD1-9321-4C9E-B32B-D6330CD3DC92", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*", "matchCriteriaId": "B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*", "matchCriteriaId": "4C75A21E-5D05-434B-93DE-8DAC4DD3E587", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*", "matchCriteriaId": "1D725758-C9F5-4DB2-8C45-CC052518D3FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*", "matchCriteriaId": "B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*", "matchCriteriaId": "79EEB5E5-B79E-454B-8DCD-3272BA337A9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*", "matchCriteriaId": "892BAE5D-A64E-4FE0-9A99-8C07F342A042", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*", "matchCriteriaId": "1A716A45-7075-4CA6-9EF5-2DD088248A5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*", "matchCriteriaId": "80EFA05B-E22D-49CE-BDD6-5C7123F1C12B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*", "matchCriteriaId": "20FD475F-2B46-47C9-B535-1561E29CB7A1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."}, {"lang": "es", "value": "Asterisk es un conjunto de herramientas de telefon\u00eda y centralita privada de c\u00f3digo abierto. En las versiones de Asterisk 18.20.0 y anteriores, 20.5.0 y anteriores y 21.0.0; as\u00ed como ceritifed-asterisk 18.9-cert5 y anteriores, la funcionalidad de 'actualizaci\u00f3n' de la funci\u00f3n de dialplan PJSIP_HEADER puede exceder el espacio de b\u00fafer disponible para almacenar el nuevo valor de un encabezado. Al hacerlo, esto puede sobrescribir la memoria o provocar un bloqueo. Esto no se puede explotar externamente, a menos que el dialplan est\u00e9 escrito expl\u00edcitamente para actualizar un encabezado en funci\u00f3n de datos de una fuente externa. Si no se utiliza la funcionalidad de 'actualizaci\u00f3n', la vulnerabilidad no se produce. Hay un parche disponible en el commit a1ca0268254374b515fa5992f01340f7717113fa."}], "id": "CVE-2023-37457", "lastModified": "2023-12-29T00:15:49.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-12-14T20:15:52.260", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"}, {"source": "security-advisories@github.com", "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}