CVE-2025-57767
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-57767
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-57767.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-57767
- Aliases
-
- GHSA-64qc-9x89-rx5j
- Downstream
- Published
- 2025-08-28T16:15:35Z
- Modified
- 2025-08-28T22:57:24.798498Z
- Summary
- [none]
- Details
-
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the getauthorizationheader() function in respjsipauthenticator_digest will return a NULL. This wasn't being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds.
- References
Affected packages
Debian:11 / asterisk
Package
- Name
- asterisk
- Purl
- pkg:deb/debian/asterisk?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:16.*
1:16.16.1~dfsg-1
1:16.16.1~dfsg-1+deb11u1~bpo10+1
1:16.16.1~dfsg-1+deb11u1
1:16.16.1~dfsg-2
1:16.16.1~dfsg-3
1:16.16.1~dfsg-4
1:16.16.1~dfsg+~2.10-1
1:16.16.1~dfsg+~2.10-2
1:16.23.0~dfsg+~2.10-1
1:16.23.0~dfsg+~cs6.10.20220309-1
1:16.23.0~dfsg+~cs6.10.20220309-2
1:16.23.0~dfsg+~cs6.10.40431411-1
1:16.28.0~dfsg-0+deb11u1
1:16.28.0~dfsg-0+deb11u2
1:16.28.0~dfsg-0+deb11u3
1:16.28.0~dfsg-0+deb11u4
1:16.28.0~dfsg-0+deb11u5
1:16.28.0~dfsg-0+deb11u6
1:16.28.0~dfsg-0+deb11u7
1:18.*
1:18.9.0~dfsg+~cs6.10.40431411-1
1:18.10.0~dfsg+~cs6.10.40431411-1
1:18.10.0~dfsg+~cs6.10.40431411-2
1:18.10.1~dfsg+~cs6.10.40431411-1
1:18.11.1~dfsg+~cs6.10.40431413-1
1:18.11.2~dfsg+~cs6.10.40431413-1
1:18.12.0~dfsg+~cs6.12.40431413-1
1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1
1:18.14.0~dfsg+~cs6.12.40431414-1
1:20.*
1:20.0.0~~rc1~dfsg+~cs6.12.40431414-1
1:20.0.0~~rc2~dfsg+~cs6.12.40431414-1
1:20.0.0~dfsg+~cs6.12.40431414-1
1:20.0.0~dfsg+~cs6.12.40431414-2
1:20.0.1~dfsg+~cs6.12.40431414-1
1:20.1.0~~rc2~dfsg+~cs6.12.40431414-1
1:20.1.0~dfsg+~cs6.12.40431414-1
1:20.2.1~dfsg+~cs6.13.40431413-1
1:20.3.0~dfsg+~cs6.13.40431413-1
1:20.4.0~dfsg+~cs6.13.40431414-1
1:20.4.0~dfsg+~cs6.13.40431414-2
1:20.5.0~dfsg+~cs6.13.40431414-1
1:20.5.1~dfsg+~cs6.13.40431414-1
1:20.5.2~dfsg+~cs6.13.40431414-1
1:20.6.0~dfsg+~cs6.13.40431414-1
1:20.6.0~dfsg+~cs6.13.40431414-2
1:20.8.1~dfsg+~cs6.14.40431414-1
1:20.9.3~dfsg+~cs6.14.60671435-1
1:22.*
1:22.0.0~~rc2~dfsg+~cs6.14.60671435-1
1:22.0.0~dfsg+~cs6.14.60671435-1
1:22.1.0~dfsg+~cs6.14.60671435-1
1:22.1.1~dfsg+~cs6.14.60671435-1
1:22.2.0~dfsg+~cs6.15.60671435-1
1:22.2.0~dfsg+~cs6.15.60671435-2
1:22.3.0~~rc1~dfsg+~cs6.15.60671435-1
1:22.3.0~dfsg+~cs6.15.60671435-1
1:22.4.1~dfsg+~cs6.15.60671435-1
1:22.4.1~dfsg+~cs6.15.60671435-2
1:22.5.1~dfsg+~cs6.15.60671435-1