Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn't being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds.
Metrics
Affected Vendors & Products
References
History
Thu, 28 Aug 2025 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Asterisk
Asterisk asterisk |
|
Vendors & Products |
Asterisk
Asterisk asterisk |
Thu, 28 Aug 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 28 Aug 2025 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn't being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds. | |
Title | Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request | |
Weaknesses | CWE-253 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-08-28T17:12:35.539Z
Reserved: 2025-08-19T15:16:22.917Z
Link: CVE-2025-57767

Updated: 2025-08-28T17:12:32.076Z

Status : Awaiting Analysis
Published: 2025-08-28T16:15:35.410
Modified: 2025-08-29T16:24:29.730
Link: CVE-2025-57767

No data.

Updated: 2025-08-28T21:21:30Z