Vulnerabilities > CVE-2022-37325 - Out-of-bounds Write vulnerability in Sangoma Asterisk

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

sangoma

CWE-787

NVD

Published: 2022-12-05

Updated: 2023-02-24

Summary

In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.

Vulnerable Configurations

Part	Description	Count
Application	Sangoma Sangoma Asterisk * Sangoma Asterisk 18.0.0 Sangoma Asterisk 18.1.0 Sangoma Asterisk 18.2.0 Sangoma Asterisk 18.2.1 Sangoma Asterisk 16.5.0 Sangoma Asterisk 16.6.0 Sangoma Asterisk 16.7.0 Sangoma Asterisk 16.8.0 Sangoma Asterisk 16.9.0 Sangoma Asterisk 16.10.0 Sangoma Asterisk 16.11.0 Sangoma Asterisk 16.12.0 Sangoma Asterisk 16.14.0 Sangoma Asterisk 16.15.0 Sangoma Asterisk 16.16.0 Sangoma Asterisk 16.16.1 Sangoma Asterisk 20.0.0	21

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References