Sign-up

ID

VAR-202312-0487


CVE

CVE-2023-49786


TITLE

Digium  of  Asterisk  Vulnerabilities related to race conditions in products from multiple vendors such as

Trust: 0.8

sources: JVNDB: JVNDB-2023-024446

DESCRIPTION

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6. Digium of Asterisk Race condition vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : asterisk CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033 Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange. CVE-2023-37457 The 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. CVE-2023-38703 PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce a use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. CVE-2023-49294 It is possible to read any arbitrary file even when the `live_dangerously` option is not enabled. For the oldstable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u4. We recommend that you upgrade your asterisk packages. For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A -----END PGP SIGNATURE-----

Trust: 1.71

sources: NVD: CVE-2023-49786 // JVNDB: JVNDB-2023-024446 // PACKETSTORM: 176383

AFFECTED PRODUCTS

vendor:digiummodel:asteriskscope:ltversion:20.5.1

Trust: 1.0

vendor:sangomamodel:certified asteriskscope:eqversion:16.8.0

Trust: 1.0

vendor:sangomamodel:certified asteriskscope:eqversion:18.9

Trust: 1.0

vendor:digiummodel:asteriskscope:gteversion:19.0.0

Trust: 1.0

vendor:digiummodel:asteriskscope:ltversion:18.20.1

Trust: 1.0

vendor:digiummodel:asteriskscope:eqversion:21.0.0

Trust: 1.0

vendor:sangomamodel:certified asteriskscope:eqversion:13.13.0

Trust: 1.0

vendor:sangomamodel:certified asteriskscope: - version: -

Trust: 0.8

vendor:digiummodel:asteriskscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-024446 // NVD: CVE-2023-49786

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-49786
value: MEDIUM

Trust: 1.0

security-advisories@github.com: CVE-2023-49786
value: HIGH

Trust: 1.0

NVD: CVE-2023-49786
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2023-49786
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

security-advisories@github.com: CVE-2023-49786
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2023-49786
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-024446 // NVD: CVE-2023-49786 // NVD: CVE-2023-49786

PROBLEMTYPE DATA

problemtype:CWE-703

Trust: 1.0

problemtype:CWE-362

Trust: 1.0

problemtype:Race condition (CWE-362) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-024446 // NVD: CVE-2023-49786

EXTERNAL IDS

db:NVDid:CVE-2023-49786

Trust: 2.7

db:PACKETSTORMid:176251

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2023/12/15/7

Trust: 1.8

db:JVNDBid:JVNDB-2023-024446

Trust: 0.8

db:PACKETSTORMid:176383

Trust: 0.1

sources: JVNDB: JVNDB-2023-024446 // PACKETSTORM: 176383 // NVD: CVE-2023-49786

REFERENCES

url:http://packetstormsecurity.com/files/176251/asterisk-20.1.0-denial-of-service.html

Trust: 1.8

url:http://seclists.org/fulldisclosure/2023/dec/24

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2023/12/15/7

Trust: 1.8

url:https://github.com/enablesecurity/advisories/tree/master/es2023-01-asterisk-dtls-hello-race

Trust: 1.8

url:https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05

Trust: 1.8

url:https://github.com/asterisk/asterisk/security/advisories/ghsa-hxj9-xwr8-w8pq

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-49786

Trust: 0.9

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-38703

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-49294

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/asterisk

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-37457

Trust: 0.1

sources: JVNDB: JVNDB-2023-024446 // PACKETSTORM: 176383 // NVD: CVE-2023-49786

CREDITS

Debian

Trust: 0.1

sources: PACKETSTORM: 176383

SOURCES

db:JVNDBid:JVNDB-2023-024446
db:PACKETSTORMid:176383
db:NVDid:CVE-2023-49786

LAST UPDATE DATE

2024-08-14T14:30:07.981000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2023-024446date:2024-01-31T06:13:00
db:NVDid:CVE-2023-49786date:2023-12-29T00:15:50.043

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2023-024446date:2024-01-31T00:00:00
db:PACKETSTORMid:176383date:2024-01-05T14:31:02
db:NVDid:CVE-2023-49786date:2023-12-14T20:15:52.927