Buffer Underwrite (Buffer Underflow) Affecting asterisk package, versions [16.0.0,16.29.1), [18.0.0,18.15.1), [19.0.0,19.7.1), [20.0.0,20.0.1)


Severity

high

CVSS assessment made by Snyk's Security Team.

Threat Intelligence

EPSS
0.24% (63rd percentile)

  • Snyk ID: SNYK-UNMANAGED-ASTERISK-3162225
  • Published: 8 Dec 2022
  • Disclosed: 8 Dec 2022
  • Credit: Unknown

Introduced: 8 Dec 2022

CVE-2022-37325
CWE-124

How to fix?

Upgrade asterisk to version 16.29.1, 18.15.1, 19.7.1, 20.0.1 or higher.

Overview

Affected versions of this package are vulnerable to Buffer Underwrite (Buffer Underflow) in addons/ooh323c/src/ooq931.c, which can crash the application when decoding a message that carries a zero-length Calling or Called Party IE.

NOTE: This vulnerability is only relevant to systems using the ooh323 module.
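
To triage a host against the ranges and the note above, the following added example (not Snyk's or the Asterisk project's code) classifies a plain X.Y.Z version string and, when an `asterisk` binary is on PATH, queries the running instance for the ooh323 module. It assumes the caller can reach the Asterisk control socket; certified or suffixed version strings are reported as `unparsed` rather than guessed at.

```shell
#!/bin/sh
# Added example: triage a host against the version ranges in this advisory.

# Fixed release per affected branch, taken from the advisory's ranges.
fixed_for_branch() {
    case "$1" in
        16) echo 16.29.1 ;;
        18) echo 18.15.1 ;;
        19) echo 19.7.1 ;;
        20) echo 20.0.1 ;;
        *)  return 1 ;;
    esac
}

# classify_version X.Y.Z prints: affected | fixed | not-listed | unparsed
classify_version() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) echo unparsed; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into major minor patch
    IFS=$old_ifs
    [ $# -eq 3 ] || { echo unparsed; return 0; }
    # Branches the advisory does not list (e.g. 17.x) are reported as such.
    fixed=$(fixed_for_branch "$1") || { echo not-listed; return 0; }
    rest=${fixed#*.}               # e.g. "29.1" for branch 16
    fminor=${rest%%.*}; fpatch=${rest#*.}
    if [ "$2" -lt "$fminor" ] || { [ "$2" -eq "$fminor" ] && [ "$3" -lt "$fpatch" ]; }; then
        echo affected
    else
        echo fixed
    fi
}

# Live check, skipped when no asterisk binary is on PATH.
if command -v asterisk >/dev/null 2>&1; then
    installed=$(asterisk -V | awk '{print $2}')
    echo "asterisk $installed: $(classify_version "$installed")"
    # The advisory is only relevant when the ooh323 module is in use.
    asterisk -rx 'module show like ooh323' 2>/dev/null \
        || echo "could not query the running instance"
fi
```
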

CVSS Base Scores

version 3.1