Key Vulnerability Information

Vulnerability Overview
Product: Asterisk
Summary: pjproject: unconstrained malformed multipart SIP message
Nature of Advisory: Out of bounds memory access
Susceptibility: Remote unauthenticated sessions
Severity: Minor
Exploits Known: Yes

Reports and Updates
Reported On: March 3, 2022
Posted On: March 4, 2022
Last Updated On: March 3, 2022
Advisory Contact: kharwell AT sangoma DOT com
CVE Name: CVE-2022-21723

Description and Impact
Description: If an incoming SIP message contains a malformed multi-part body, an out of bounds read access may occur, which can result in undefined behavior.
Modules Affected: bundled pjproject

Solution
Resolution:
- Upgrade to or install one of the versions of Asterisk listed below.
- Install the appropriate version of pjproject that contains the patch.

Affected Versions
- Asterisk Open Source 16.x: All versions
- Asterisk Open Source 18.x: All versions
- Asterisk Open Source 19.x: All versions
- Certified Asterisk 16.x: All versions

Corrected Versions
Corrected In:
- Asterisk Open Source: 16.24.1, 18.10.1, 19.2.1
- Certified Asterisk: 16.8-cert13

Patch Links
- Asterisk 16
- Asterisk 18
- Asterisk 19
- Certified Asterisk 16.8
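To triage an inventory against the "Corrected In" list above, the following added example (not part of the advisory or the Asterisk project) classifies version strings such as those printed by `asterisk -V`. The host names and sample strings are constructed, and the result only speaks for builds that use the bundled pjproject; a build linked against a separately installed pjproject needs that library checked instead.

```python
import re

# Fixed releases, taken from the advisory's "Corrected In" list.
FIXED_OPEN_SOURCE = {16: (16, 24, 1), 18: (18, 10, 1), 19: (19, 2, 1)}
FIXED_CERTIFIED = {16: (16, 8, 13)}  # Certified Asterisk 16.8-cert13

CERT_RE = re.compile(r"(\d+)\.(\d+)-cert(\d+)")
OSS_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def classify(version_text):
    """Return 'fixed', 'affected' or 'unknown' for one version string."""
    # Try the certified pattern first: "16.8-cert12" has no third dotted part.
    for pattern, fixed_table in ((CERT_RE, FIXED_CERTIFIED),
                                 (OSS_RE, FIXED_OPEN_SOURCE)):
        match = pattern.search(version_text)
        if not match:
            continue
        version = tuple(int(part) for part in match.groups())
        fixed = fixed_table.get(version[0])
        if fixed is None:
            return "unknown"  # branch not listed in the advisory
        return "fixed" if version >= fixed else "affected"
    return "unknown"  # e.g. a Git build with no release number


def triage(inventory):
    """Map host -> status for a {host: version string} inventory."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "pbx-a": "Asterisk 18.10.0",
    "pbx-b": "Asterisk 16.24.1",
    "pbx-c": "Asterisk certified/16.8-cert12",
    "pbx-d": "Asterisk 17.9.4",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" are on a branch the advisory does not list or run a build without a release number, and need manual review.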