CVE-2023-37457
📋 TL;DR
Asterisk's PJSIP_HEADER dialplan function (provided by the res_pjsip_header_funcs module) contains a buffer overflow in its 'update' action. Writing a header value through update can corrupt memory, crashing Asterisk and in principle allowing arbitrary code execution. Only deployments whose dialplan uses the update action are exposed, and the exposure is remote when the value written comes from data in an incoming SIP request.
💻 Affected Systems
- Asterisk
- certified-asterisk
📦 What is this software?
Asterisk by Digium
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution and full compromise of the PBX host if the dialplan writes attacker-controlled data (for example a header copied from an inbound request) through the update action.
Likely Case
Denial of service: the Asterisk process crashes on the memory corruption, dropping every active call and stopping telephony until the service is restarted.
If Mitigated
No remote impact if the dialplan never calls the update action, or if every value it writes through update is a fixed string under the administrator's control rather than data taken from a request.
🎯 Exploit Status
Exploitation requires a dialplan that calls PJSIP_HEADER(update,...) with a value the attacker can influence, typically a header read from an incoming SIP request and written back into an outbound one. Deployments that never use the update action are not reachable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in commit a1ca0268254374b515fa5992f01340f7717113fa; the fixed release for each supported branch (Asterisk and certified-asterisk) is listed in the vendor advisory.
Vendor Advisory: https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh
Restart Required: Yes
Instructions:
1. Upgrade to the fixed release for your branch as listed in the vendor advisory, or, for source builds, apply commit a1ca0268254374b515fa5992f01340f7717113fa and rebuild. 2. Restart the Asterisk service; a running instance keeps the old code in memory until it is restarted.
🔧 Temporary Workarounds
Stop using the PJSIP_HEADER update action
Remove or rewrite every dialplan line that invokes the update action of PJSIP_HEADER (lines of the form Set(PJSIP_HEADER(update,Name)=value)). The other actions of the function are not the affected code path.
Review extensions.conf and every file it #includes, plus any dialplan loaded from a database or AEL, so that no update usage remains; reload the dialplan afterwards.
🧯 If You Can't Patch
- Audit the dialplan so that no PJSIP_HEADER update call writes a value derived from an incoming request; prefer fixed strings or drop the update entirely.
- Restrict who can send SIP to the server: place Asterisk behind an SBC or firewall, allow only known peers and trunks, and keep it off untrusted networks, since the trigger is an inbound request handled by the dialplan.
🔍 How to Verify
Check if Vulnerable:
Compare the running version with the fixed releases in the vendor advisory (run core show version through the remote console, asterisk -rx, to see the instance actually running rather than the binary on disk), and search every dialplan file for PJSIP_HEADER(update,...). If the res_pjsip_header_funcs module is not loaded, the function is unavailable and the path cannot be reached.
Check Version:
asterisk -V
Verify Fix Applied:
Confirm the running version reported by core show version is at or beyond the fixed release for your branch in the vendor advisory. For source builds, confirm commit a1ca0268254374b515fa5992f01340f7717113fa is present in the built tree (git branch --contains a1ca0268254374b515fa5992f01340f7717113fa) and that the service was restarted after the rebuild.
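The dialplan review called for under "Check if Vulnerable" and "If You Can't Patch" is easy to get wrong by eye across several included files. The script below is an added example written for this page, not code from the Asterisk project: it lists every PJSIP_HEADER update use in the given dialplan files and singles out the ones whose header name or value contains an expansion (${...}), since a plain text search cannot follow data through channel variables and every such use should be treated as potentially attacker-influenced. The sample dialplan it scans is constructed for illustration; the function and variable names are this example's own.

```sh
#!/bin/sh
# Added example for this page (not Asterisk project code): audit dialplan
# files for the PJSIP_HEADER 'update' action, the code path affected by
# CVE-2023-37457, and single out the uses whose header name or value is
# built from an expansion rather than a literal.

# Print file:line:text for every dialplan line that invokes the update action.
# Usage: list_pjsip_header_updates /etc/asterisk/extensions*.conf
list_pjsip_header_updates() {
    grep -nHEi 'PJSIP_HEADER\([[:space:]]*update[[:space:]]*,' "$@" 2>/dev/null || true
}

# Number of update uses across the given files (0 means the affected code
# path is never called and no dialplan change is needed).
count_pjsip_header_updates() {
    list_pjsip_header_updates "$@" | wc -l | tr -d ' '
}

# Number of update uses whose line contains an expansion (${...}); a static
# search cannot follow taint through channel variables, so treat each of
# these as potentially carrying data from an untrusted request.
count_dynamic_pjsip_header_updates() {
    list_pjsip_header_updates "$@" | grep -F '${' | wc -l | tr -d ' '
}

# Constructed sample dialplan (illustration only, not from any real system).
# The inbound context copies a request header into an inherited variable and
# a pre-dial handler writes it into the outbound INVITE with 'update'.
SAMPLE_DIALPLAN="$(mktemp)"
trap 'rm -f "$SAMPLE_DIALPLAN"' EXIT
cat >"$SAMPLE_DIALPLAN" <<'EOF'
[from-external]
exten => _X.,1,NoOp(inbound call from ${CALLERID(num)})
 same => n,Set(__ROUTE_HINT=${PJSIP_HEADER(read,X-Route-Hint)})
 same => n,Dial(PJSIP/${EXTEN}@trunk,30,b(outbound-headers^s^1))

[outbound-headers]
exten => s,1,Set(PJSIP_HEADER(add,X-Route-Hint)=none)
 same => n,Set(PJSIP_HEADER(update,X-Route-Hint)=${ROUTE_HINT})
 same => n,Set(PJSIP_HEADER(update,X-Relay)=asterisk-edge)
 same => n,Return()
EOF

# Report on the sample; on a server point the functions at the real files.
printf 'update uses: %s\n' "$(count_pjsip_header_updates "$SAMPLE_DIALPLAN")"
printf 'update uses with expansions: %s\n' "$(count_dynamic_pjsip_header_updates "$SAMPLE_DIALPLAN")"
list_pjsip_header_updates "$SAMPLE_DIALPLAN" | grep -F '${' || true
```

On the sample this reports two update uses, one of which (the X-Route-Hint write) takes its value from a variable that was filled from an inbound header; that line is the one to remove or replace with a fixed value. A zero count across all dialplan files means the affected path is never executed, though patching is still the only real fix.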
📡 Detection & Monitoring
Log Indicators:
- Asterisk process crash records: kernel segfault lines naming the asterisk process, systemd "Main process exited, code=dumped" entries, core files, and restarts by systemd or safe_asterisk
- Memory corruption errors or backtraces in Asterisk's own log (full log or messages log) shortly before a restart
Network Indicators:
- Inbound SIP requests carrying unusually long or malformed custom header values, particularly on headers the dialplan copies into outbound requests
SIEM Query:
Search system logs for Asterisk process crashes (segfault, SIGSEGV, SIGABRT, core dumped) and unexpected service restarts, then correlate each event with the SIP requests and source addresses active on the server at that time.
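The log search described above, as an added example written for this page rather than code from the Asterisk project: it pulls Asterisk crash events out of a syslog-style file and names the shared object the kernel reports the fault in, so a crash inside res_pjsip_header_funcs.so can be matched against PJSIP_HEADER update uses in the dialplan. The log lines it runs on are constructed samples in the formats the Linux kernel and systemd emit; hostnames, PIDs and addresses are made up, and other init systems or distributions may word the messages differently.

```sh
#!/bin/sh
# Added example (not Asterisk project code): find Asterisk crash events in
# system logs, the evidence a trigger of CVE-2023-37457 leaves behind.

# Print log lines that record the Asterisk process dying on a memory fault:
# kernel segfault reports and systemd exits with a core dump or signal.
asterisk_crash_events() {
    grep -Ei 'asterisk(\[[0-9]+\])?: segfault at|asterisk\.service: Main process exited, code=(dumped|killed)' "$@" 2>/dev/null || true
}

count_asterisk_crash_events() {
    asterisk_crash_events "$@" | wc -l | tr -d ' '
}

# Tally the shared object each kernel segfault line names as the fault site.
# A fault in res_pjsip_header_funcs.so on a system whose dialplan uses
# PJSIP_HEADER(update,...) is the pairing to investigate first.
faulting_modules() {
    asterisk_crash_events "$@" | sed -nE 's/.* in ([^[ ]+\.so)\[.*/\1/p' | sort | uniq -c | sort -rn
}

# Most frequently named module, or empty when no segfault line carries one.
top_faulting_module() {
    faulting_modules "$@" | awk 'NR==1 { print $2 }'
}

# Constructed sample log (not a real capture): a crash, the systemd
# follow-up, a restart, and an unrelated notice that must not match.
SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
Dec 18 09:14:02 pbx1 kernel: asterisk[2210]: segfault at 7f3c2a000000 ip 00007f3c41a2b1d4 sp 00007ffd2c8e3a10 error 4 in res_pjsip_header_funcs.so[7f3c41a29000+4000]
Dec 18 09:14:02 pbx1 systemd[1]: asterisk.service: Main process exited, code=dumped, status=11/SEGV
Dec 18 09:14:03 pbx1 systemd[1]: asterisk.service: Failed with result 'core-dump'.
Dec 18 09:14:05 pbx1 systemd[1]: asterisk.service: Scheduled restart job, restart counter is at 1.
Dec 18 09:14:06 pbx1 systemd[1]: Started Asterisk PBX.
Dec 18 09:20:41 pbx1 asterisk[2315]: NOTICE[2340]: Reloading module 'res_pjsip.so' (Basic SIP resource)
EOF

# Report on the sample; on a server pass /var/log/syslog, /var/log/messages
# or the output of journalctl -o short instead.
printf 'crash events: %s\n' "$(count_asterisk_crash_events "$SAMPLE_LOG")"
printf 'top faulting module: %s\n' "$(top_faulting_module "$SAMPLE_LOG")"
asterisk_crash_events "$SAMPLE_LOG"
```

Once a crash time is known, the next step is to pull the SIP traffic around it (pjsip logger output, a packet capture, or the messages log) and look at the header values in the request being processed, which is where the source address for a block or an investigation comes from.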
🔗 References
- https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa
- https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh
- https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html