Asterisk · Asterisk · CVE-2025-57767
**Name of the Vulnerable Software and Affected Versions**
Asterisk versions prior to 20.15.2
Asterisk versions prior to 21.10.2
Asterisk versions prior to 22.5.2
**Description**
Asterisk is an open source private branch exchange and telephony toolkit. If a Session Initiation Protocol (SIP) request is received with an Authorization header containing a realm not present in a previous 401 response’s WWW-Authenticate header, or an incorrect realm is received without a prior 401 response, the `get_authorization_header()` function in `res_pjsip_authenticator_digest` returns a NULL value. Because this return value is not checked before the digest algorithm is read from the header, the result is a segmentation fault (SEGV).
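The unchecked-lookup pattern described above, reduced to a self-contained C model (an added example, not Asterisk's source or its fix). The struct, enum and function names are hypothetical, and treating a missing header as a reason to challenge again is this example's assumption.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for a parsed Authorization header (not a PJSIP type). */
struct auth_hdr {
    const char *realm;
    const char *algorithm; /* optional parameter, may be NULL */
};

enum auth_result { AUTH_CONTINUE, AUTH_CHALLENGE };

/* Return the header whose realm matches the one the server challenged with,
 * or NULL when the request carries no header for that realm. */
const struct auth_hdr *find_auth_for_realm(const struct auth_hdr *hdrs,
                                           size_t count, const char *realm)
{
    for (size_t i = 0; i < count; i++)
        if (hdrs[i].realm && strcmp(hdrs[i].realm, realm) == 0)
            return &hdrs[i];
    return NULL;
}

/* Unchecked pattern, shown for contrast and never called: the lookup result
 * is dereferenced even when it is NULL. */
const char *algorithm_unchecked(const struct auth_hdr *hdrs, size_t count,
                                const char *realm)
{
    return find_auth_for_realm(hdrs, count, realm)->algorithm;
}

/* Checked pattern: no matching header means authentication has not
 * succeeded, so report that instead of reading the header. */
enum auth_result select_algorithm(const struct auth_hdr *hdrs, size_t count,
                                  const char *realm, const char **algorithm)
{
    const struct auth_hdr *hdr = find_auth_for_realm(hdrs, count, realm);

    *algorithm = NULL;
    if (hdr == NULL)
        return AUTH_CHALLENGE;
    *algorithm = hdr->algorithm ? hdr->algorithm : "MD5"; /* digest default */
    return AUTH_CONTINUE;
}
```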
**Recommendations**
Update Asterisk to version 20.15.2 or later.
Update Asterisk to version 21.10.2 or later.
Update Asterisk to version 22.5.2 or later.