Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/37xxx/CVE-2023-37457.json",
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-120"
]
}{
"cpe": [
"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "18.20.0"
},
{
"introduced": "19.0.0"
},
{
"last_affected": "20.5.0"
},
{
"introduced": "21.0.0"
},
{
"last_affected": "21.0.0"
},
{
"introduced": "13.13.0"
},
{
"last_affected": "13.13.0"
},
{
"introduced": "13.13.0-rc1"
},
{
"last_affected": "13.13.0-rc1"
},
{
"introduced": "13.13.0-rc2"
},
{
"last_affected": "13.13.0-rc2"
},
{
"introduced": "16.8.0-NA"
},
{
"last_affected": "16.8.0-NA"
},
{
"introduced": "18.9-cert1"
},
{
"last_affected": "18.9-cert1"
},
{
"introduced": "18.9-cert2"
},
{
"last_affected": "18.9-cert2"
},
{
"introduced": "18.9-cert3"
},
{
"last_affected": "18.9-cert3"
},
{
"introduced": "18.9-cert4"
},
{
"last_affected": "18.9-cert4"
},
{
"introduced": "18.9-cert5"
},
{
"last_affected": "18.9-cert5"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
]
}