跳转到帖子

Debian: CVE-2022-23537: asterisk, ring -- security update

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

Debian: CVE-2022-23537: asterisk, ring -- security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
12/20/2022
Created
02/24/2023
Added
02/24/2023
Modified
01/28/2025

Description

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).

Solution(s)

  • debian-upgrade-asterisk
  • debian-upgrade-ring

References

  • https://attackerkb.com/topics/cve-2022-23537
  • CVE - 2022-23537
  • DLA-3335-1
  • DSA-5358-1
  • 引用
  • Mention
    • 查看数 693
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表