Out-of-bounds Read Affecting asterisk package, versions <1:16.28.0~dfsg-0+deb11u1


Severity

Recommended
0.0
critical
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.42% (75th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN11-ASTERISK-2405742
  • published4 Feb 2022
  • disclosed27 Jan 2022

Introduced: 27 Jan 2022

CVE-2022-21722  (opens in a new tab)
CWE-125  (opens in a new tab)

How to fix?

Upgrade Debian:11 asterisk to version 1:16.28.0~dfsg-0+deb11u1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream asterisk package and not the asterisk package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the master branch. There are no known workarounds.

CVSS Scores

version 3.1