CVE-2022-37325
Summary
| CVE | CVE-2022-37325 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-12-05 21:15:00 UTC |
| Updated | 2023-02-24 00:15:00 UTC |
| Description | In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| AST-YYYY-NNN | MISC | downloads.asterisk.org | |
| Debian -- Security Information -- DSA-5358-1 asterisk | DEBIAN | www.debian.org | |
| [SECURITY] [DLA 3335-1] asterisk security update | MLIST | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181602 Debian Security Update for asterisk (DLA 3335-1)
- 181679 Debian Security Update for asterisk (DSA 5358-1)
- 502709 Alpine Linux Security Update for asterisk
- 510668 Alpine Linux Security Update for asterisk
- 691046 Free Berkeley Software Distribution (FreeBSD) Security Update for sterisk (8dd438ed-a338-11ed-b48b-589cfc0f81b0)