CNNVD-202508-3329 Information
CNNVD ID
CNNVD-202508-3329
Related CVE
-
CNNVD Published: 2025-08-28
Description
Asterisk is an open-source PBX software system that runs on Linux and supports IP calls over the SIP, IAX, and H323 protocols. Asterisk versions prior to 20.15.2 and 22.5.2 contain a security vulnerability that stems from the get_authorization_header function returning NULL, which leads to a SEGV.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Astium
Published
2025-08-28
Last Modified
2026-02-24
References
https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j
https://github.com/asterisk/asterisk/pull/1407
https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f
https://nvd.nist.gov/vuln/detail/CVE-2025-57767
https://vigilance.fr/vulnerability/Asterisk-Open-Source-denial-of-service-via-SIP-Request-Authorization-Header-48090
Patch
https://www.asterisk.org/downloads/