Vulnerability details: VCID-uvk4-hnk6-aaaq
Vulnerability ID VCID-uvk4-hnk6-aaaq
Aliases CVE-2023-37457
Summary Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0, as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. Doing so can overwrite memory or cause a crash. This is not externally exploitable unless the dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used, the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
Status Published
Exploitability 0.5
Weighted Severity 7.4
Risk 3.7
Weaknesses (1)
System Score Found at
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2023-37457
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2023-37457
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2023-37457
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2023-37457
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-37457
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2023-37457
epss 0.00244 https://api.first.org/data/v1/epss?cve=CVE-2023-37457
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2023-37457
epss 0.00321 https://api.first.org/data/v1/epss?cve=CVE-2023-37457
cvssv3 8.2 https://nvd.nist.gov/vuln/detail/CVE-2023-37457
cvssv3.1 8.2 https://nvd.nist.gov/vuln/detail/CVE-2023-37457
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-37457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa
https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh
https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
1059303 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303
CVE-2023-37457 https://nvd.nist.gov/vuln/detail/CVE-2023-37457
GLSA-202412-03 https://security.gentoo.org/glsa/202412-03
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-37457
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): none
Integrity Impact (I): low
Availability Impact (A): high

Exploit Prediction Scoring System (EPSS)
Percentile 0.14632
EPSS Score 0.00047
Published At June 25, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-01-03T17:11:46.612707+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2023-37457 34.0.0rc1