CVE-2022-23537

CRITICAL9.8EPSS 0.42%

asterisk - security update

Published: 12/20/2022Modified: 3/9/2026

Also known as:DSA-5358-1ALPINE-CVE-2022-23537DEBIAN-CVE-2022-23537DEBIAN-CVE-2022-23547DEBIAN-CVE-2022-31031DEBIAN-CVE-2022-37325DEBIAN-CVE-2022-39244DEBIAN-CVE-2022-42705DEBIAN-CVE-2022-42706

Description

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).

Affected packages (5)

Alpine/asteriskfrom 0, < 18.20.2-r0
Debian/asteriskfrom 0, < 1:16.28.0~dfsg-0+deb11u2
Debian/asteriskfrom 0, < 1:16.28.0~dfsg-0+deb10u2
Debian/asteriskfrom 0, < 1:16.28.0~dfsg-0+deb11u2
Debian/ringfrom 0, < 20210112.2.b757bac~ds1-1+deb11u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Affected packages (5)

CVSS scores

References (2)