Bug 2254625 (CVE-2023-37457) - CVE-2023-37457 asterisk: potential buffer overflow in PJSIP_HEADER dialplan function
Keywords:
Status: NEW
Alias: CVE-2023-37457
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2254626 2254627
Blocks: 2254624
Reported: 2023-12-14 23:03 UTC by Robb Gatica
Modified: 2023-12-15 06:11 UTC (History)

Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was discovered in Asterisk. In certain circumstances, a remote attacker may trigger a condition where available memory buffer space is exceeded. This may lead to a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:

Description Robb Gatica 2023-12-14 23:03:12 UTC
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.

https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa
https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh
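
A defensive audit for the condition the description names, as an added example (not code from the bug report or the Asterisk project): it scans extensions.conf-style dialplan text for PJSIP_HEADER(update,...) assignments and flags those whose value is built from a ${...} substitution. The sample dialplan is constructed, and treating every substitution as possibly outside data is a heuristic assumption.

```python
import re

# Matches the write form Set(PJSIP_HEADER(update,<name>[,<number>])=<value>)
UPDATE_RE = re.compile(
    r"PJSIP_HEADER\(\s*update\s*,\s*([^,)\s]+)\s*(?:,[^)]*)?\)\s*=\s*(.*)$",
    re.IGNORECASE,
)
# extensions.conf comments start with an unescaped ';'
COMMENT_RE = re.compile(r"(?<!\\);.*$")


def find_header_updates(dialplan_text):
    """Return one finding per PJSIP_HEADER(update,...) assignment."""
    findings = []
    for lineno, raw in enumerate(dialplan_text.splitlines(), start=1):
        line = COMMENT_RE.sub("", raw).strip()
        match = UPDATE_RE.search(line)
        if not match:
            continue
        header, value = match.group(1), match.group(2).strip()
        if value.endswith(")"):
            value = value[:-1]  # drop the ')' that closes Set(
        findings.append({
            "line": lineno,
            "header": header,
            "value": value,
            # Heuristic (assumption): any ${...} substitution means the value is
            # computed at call time and may carry data from an outside source.
            "dynamic": "${" in value,
        })
    return findings


# Constructed sample dialplan, not taken from the bug report.
SAMPLE = r"""
[from-trunk]
exten => _X.,1,NoOp(inbound call)
 same => n,Set(PJSIP_HEADER(add,X-Trace)=${UNIQUEID})
 same => n,Set(PJSIP_HEADER(update,X-Caller-Name)=${CALLERID(name)})
 same => n,Set(PJSIP_HEADER(update,X-Site)=branch-01)
; same => n,Set(PJSIP_HEADER(update,X-Old)=${EXTEN})
 same => n,Dial(PJSIP/100)
"""

if __name__ == "__main__":
    for f in find_header_updates(SAMPLE):
        level = "REVIEW" if f["dynamic"] else "literal"
        print(f'{level}: line {f["line"]} header {f["header"]} value {f["value"]}')
```

An empty result means the dialplan text never uses the 'update' action, which is the case the description says is not affected; lines marked REVIEW are the ones to check first on versions without the fix.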

Comment 1 Robb Gatica 2023-12-14 23:03:28 UTC
Created asterisk tracking bugs for this issue:

Affects: epel-all [bug 2254626]
Affects: fedora-all [bug 2254627]

