Vulnerabilities > CVE-2022-37325 - Out-of-bounds Write vulnerability in Sangoma Asterisk
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://downloads.asterisk.org/pub/security/AST-2022-007.html
- https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
- https://www.debian.org/security/2023/dsa-5358
- https://downloads.asterisk.org/pub/security/AST-2022-007.html
- https://www.debian.org/security/2023/dsa-5358
- https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html