Denial of Service Vulnerability in Asterisk by Sangoma Technologies
CVE-2022-37325

7.5HIGH

Key Information:

Vendor: Sangoma
Status: Asterisk
Vendor: CVE Published:; 5 December 2022

What is CVE-2022-37325?

A vulnerability exists in Asterisk, specifically in the handling of incoming Setup messages. A malformed Calling or Called Party Information Element (IE) in such messages can lead to unexpected crashes, potentially causing service disruptions. This affects various versions of Asterisk, including versions 16.28.0, 17.x, 18.x up to 18.14.0, and 19.x up to 19.6.0. It's crucial for users to apply security updates to mitigate this risk.