Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the getauthorizationheader() function in respjsipauthenticator_digest will return a NULL. This wasn't being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds.
{
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-253"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/57xxx/CVE-2025-57767.json"
}{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "20.15.2"
},
{
"introduced": "21.0.0"
},
{
"fixed": "21.10.2"
},
{
"introduced": "22.0.0"
},
{
"fixed": "22.5.2"
}
]
}"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57767.json"
[
{
"id": "CVE-2025-57767-71141676",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f",
"deprecated": false,
"digest": {
"function_hash": "107882573564604585624201498152436135581",
"length": 2393.0
},
"target": {
"function": "digest_lookup",
"file": "res/res_pjsip_authenticator_digest.c"
}
},
{
"id": "CVE-2025-57767-9675c8da",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"277113248831915314237292959927735528212",
"26076776454639219442901390736304469642",
"229953372221277453769434869868126404944",
"137481854344370599437213900924473762372",
"82755533326211727937228182954525794937",
"49066820799980664296549011749812836794",
"334763552888328235903640845191001292168",
"265295399912787821942055360511167746276",
"181835901875177897785136430575958951080",
"282180388400386255834846649031299083511",
"132830972370239002539433144018311031757",
"141064321184641834148639187512199981765",
"284648278444002065858453528195805135505",
"174685326093314722010253079827554637724",
"227229970931242580871204575113999963605",
"63124256552325911008131164803349470862",
"222521996826963428849393884234670607455",
"237519995051812834915892471091847100586"
]
},
"target": {
"file": "res/res_pjsip_authenticator_digest.c"
}
}
]
"2026-07-15T19:48:09Z"