CVE-2025-57767Incorrect Check of Function Return Value in Asterisk

CWE-253Incorrect Check of Function Return Value4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 73.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
AsteriskSangoma AsteriskDebian Asterisk
Timeline
PublishedAug 28

Description

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn't being checked befo

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

debiandebian/asterisk< asterisk 1:22.5.2~dfsg+~cs6.15.60671435-1 (sid)
NVDsangoma/asterisk21.0.021.10.2+2
CVEListV5asterisk/asterisk< 22.5.2+2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
OSV
CVE-2025-57767: Asterisk is an open source private branch exchange and telephony toolkit2025-08-28

📋Vendor Advisories

1
Debian
CVE-2025-57767: asterisk - Asterisk is an open source private branch exchange and telephony toolkit. Prior ...2025

💬Community

1
Bugzilla
CVE-2025-57767 asterisk: Asterisk denial of service via malformed SIP request [epel-9]2025-08-28
CVE-2025-57767 — Asterisk vulnerability | cvebase