
Debian 10 Asterisk DLA-3696-1 Moderate: Memory Corruption DoS Issues

Debian LTS
December 28, 2023
Asterisk packages for Debian 10 should be upgraded to the newest versions to address the security vulnerabilities summarized below.
Multiple security vulnerabilities have been discovered in Asterisk, an open source Private Branch Exchange (PBX).

Summary

CVE-2023-37457

The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
the available buffer space for storing the new value of a header. Doing so
can overwrite memory or cause a crash. This is not externally exploitable
unless the dialplan is explicitly written to update a header based on data
from an outside source. If the 'update' functionality is not used, the
vulnerability does not occur.

CVE-2023-38703

PJSIP is a free and open source multimedia communication library written in
C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport that may introduce a
use-after-free issue. This vulnerability affects applications that have
SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media

Package: asterisk
Version: 1:16.28.0~dfsg-0+deb10u4
CVE ID: CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786
Debian Bug: 1059303 1059032 1059033
