Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'
Vulnerability Description
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Vulnerability Title
Asterisk 安全漏洞
Vulnerability Description
Asterisk是一款PBX系统的软件,运行在Linux系统上,支持使用SIP、IAX、H323协议进行IP通话。 Asterisk存在安全漏洞,该漏洞源于 超出用于存储标头新值的可用缓冲区空间,可能会覆盖内存或导致崩溃。
CVSS Information
N/A
Vulnerability Type
N/A