CVE-2024-35190

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35190
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35190.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-35190
Aliases
  • GHSA-qqxj-v78h-hrf9
Published
2024-05-17T16:55:41.346Z
Modified
2025-12-05T04:21:44.648584Z
Severity
  • 5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Summary
Asterisk's res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests
Details

Asterisk is an open source private branch exchange and telephony toolkit. After an upgrade to 18.23.0, ALL unauthorized SIP requests are identified as a PJSIP endpoint of the local Asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.

Database specific
{
    "cwe_ids": [
        "CWE-303",
        "CWE-480",
        "CWE-670"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/35xxx/CVE-2024-35190.json",
    "cna_assigner": "GitHub_M"
}
Affected packages

Git / github.com/asterisk/asterisk

Affected ranges

Type
GIT
Repo
https://github.com/asterisk/asterisk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "186040774487265813882168276571403515607",
            "length": 316.0
        },
        "target": {
            "file": "res/res_pjsip_endpoint_identifier_ip.c",
            "function": "unload_module"
        },
        "deprecated": false,
        "source": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
        "id": "CVE-2024-35190-00f2e926",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "target": {
            "file": "res/res_pjsip_endpoint_identifier_ip.c"
        },
        "deprecated": false,
        "source": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
        "id": "CVE-2024-35190-4c642da0",
        "signature_version": "v1",
        "signature_type": "Line"
    },
    {
        "digest": {
            "function_hash": "49907753423162129281696117219764624818",
            "length": 668.0
        },
        "target": {
            "file": "res/res_pjsip/pjsip_configuration.c",
            "function": "sip_endpoint_identifier_str2type"
        },
        "deprecated": false,
        "source": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
        "id": "CVE-2024-35190-664d94eb",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "target": {
            "file": "res/res_pjsip/pjsip_configuration.c"
        },
        "deprecated": false,
        "source": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
        "id": "CVE-2024-35190-6c2b14fd",
        "signature_version": "v1",
        "signature_type": "Line"
    },
    {
        "digest": {
            "function_hash": "233397609238933880777129633546512282032",
            "length": 359.0
        },
        "target": {
            "file": "res/res_pjsip_endpoint_identifier_ip.c",
            "function": "ip_identify"
        },
        "deprecated": false,
        "source": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
        "id": "CVE-2024-35190-85402664",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "10850304549588860040133648342332018537",
            "length": 2151.0
        },
        "target": {
            "file": "res/res_pjsip_endpoint_identifier_ip.c",
            "function": "load_module"
        },
        "deprecated": false,
        "source": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
        "id": "CVE-2024-35190-9527a3ca",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "321117790809999770673419458671262935675",
            "length": 767.0
        },
        "target": {
            "file": "res/res_pjsip_endpoint_identifier_ip.c",
            "function": "ip_identify_match_check"
        },
        "deprecated": false,
        "source": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
        "id": "CVE-2024-35190-9995ed2c",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "191539497569206919396315680023280614976",
            "length": 1601.0
        },
        "target": {
            "file": "res/res_pjsip_endpoint_identifier_ip.c",
            "function": "cli_print_body"
        },
        "deprecated": false,
        "source": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
        "id": "CVE-2024-35190-a47d5442",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "128238337060452774239324523284725906637",
            "length": 551.0
        },
        "target": {
            "file": "res/res_pjsip/pjsip_configuration.c",
            "function": "sip_endpoint_identifier_type2str"
        },
        "deprecated": false,
        "source": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
        "id": "CVE-2024-35190-a5c1856b",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "48154925034208880326614317636830997300",
                "190945977318940285188391595769211809282",
                "55176213472902597442990859653438226722",
                "220410033346188039470675630840798263936"
            ]
        },
        "target": {
            "file": "include/asterisk/res_pjsip.h"
        },
        "deprecated": false,
        "source": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
        "id": "CVE-2024-35190-c46abcb5",
        "signature_version": "v1",
        "signature_type": "Line"
    },
    {
        "digest": {
            "function_hash": "197020072731638583681039883675953480288",
            "length": 3257.0
        },
        "target": {
            "file": "res/res_pjsip_endpoint_identifier_ip.c",
            "function": "ip_identify_apply"
        },
        "deprecated": false,
        "source": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
        "id": "CVE-2024-35190-df48beef",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "125748909868961047905257998993619938692",
            "length": 1031.0
        },
        "target": {
            "file": "res/res_pjsip_endpoint_identifier_ip.c",
            "function": "transport_identify"
        },
        "deprecated": false,
        "source": "https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d",
        "id": "CVE-2024-35190-f85f22b2",
        "signature_version": "v1",
        "signature_type": "Function"
    }
]