Out-of-bounds Read Affecting asterisk package, versions <1:16.28.0~dfsg-0+deb10u1


Severity

Recommended
0.0
critical
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.66% (81st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN10-ASTERISK-2405706
  • published4 Feb 2022
  • disclosed27 Jan 2022

Introduced: 27 Jan 2022

CVE-2022-21723  (opens in a new tab)
CWE-125  (opens in a new tab)

How to fix?

Upgrade Debian:10 asterisk to version 1:16.28.0~dfsg-0+deb10u1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream asterisk package and not the asterisk package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the master branch. There are no known workarounds.

CVSS Scores

version 3.1