Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-57767

Good to know:

icon
icon

Date: August 28, 2025

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn't being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds.

Severity Score

Related Resources (6)

https://github.com/asterisk/asterisk/pull/1407
https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j
https://nvd.nist.gov/vuln/detail/CVE-2025-57767
https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f
https://security-tracker.debian.org/tracker/CVE-2025-57767
https://www.mend.io/vulnerability-database/CVE-2025-57767

Severity Score

Weakness Type (CWE)

Incorrect Check of Function Return Value

CWE-253

Top Fix

icon

Upgrade Version

Upgrade to version https://github.com/asterisk/asterisk.git - 20.15.2;https://github.com/asterisk/asterisk.git - 21.10.2;https://github.com/asterisk/asterisk.git - 22.5.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us