PT-2022-23927 · Sangoma+1 · Asterisk+1

Published: 2020-07-06 · Updated: 2023-02-24 · CVE-2022-37325

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Sangoma Asterisk versions 16.28.0 and earlier, 17.x, 18.x through 18.14.0, and 19.x through 19.6.0

Description

The issue arises from an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE, which can cause a crash.

Recommendations

For versions 16.28.0 and earlier, 17.x, 18.x through 18.14.0, and 19.x through 19.6.0, consider updating to a version later than 19.6.0 to resolve the issue. As a temporary workaround, consider restricting access to the ooq931.c file in the addons/ooh323c/src directory until a patch is available. Avoid processing incoming Setup messages with malformed Calling or Called Party IE in the affected ooq931.c file until the issue is resolved.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2313
CVE-2022-37325
DLA-3335-1
DSA-5358-1

Affected Products

Alt Linux
Asterisk