cvedb.io
CVE-2022-42705
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2022-12-05T21:15:10.177 · Last modified 2026-06-17T05:05:09.760

Summary

A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.

Affected products

sangoma — asterisk

Does this affect you?

Add your gear to cvedb and we'll alert you only when sangoma ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.