CVE-2022-42705
Summary
| CVE | CVE-2022-42705 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-12-05 21:15:00 UTC |
| Updated | 2023-02-24 00:15:00 UTC |
| Description | A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription. |
Risk And Classification
Problem Types: CWE-416
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-5358-1 asterisk | DEBIAN | www.debian.org | |
| [SECURITY] [DLA 3335-1] asterisk security update | MLIST | lists.debian.org | |
| AST-2022-008 | MISC | downloads.asterisk.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181602 Debian Security Update for asterisk (DLA 3335-1)
- 181679 Debian Security Update for asterisk (DSA 5358-1)
- 502709 Alpine Linux Security Update for asterisk
- 510668 Alpine Linux Security Update for asterisk
- 691046 Free Berkeley Software Distribution (FreeBSD) Security Update for sterisk (8dd438ed-a338-11ed-b48b-589cfc0f81b0)