
CVE-2022-42705

MEDIUM
6.5 CVSS
Published: 2022-12-05
Updated: 2025-04-24

Description

A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-416

Metadata

Primary Vendor: SANGOMA
Published: 12/5/2022
Last Modified: 4/24/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

sangoma : asterisk
sangoma : certified_asterisk
