The Asterisk Development Team would like to announce security release
Asterisk 22.5.2.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.5.2
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 22.5.2
Change Log for Release asterisk-22.5.2
Links:
Summary:
- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
- GHSA-64qc-9x89-rx5j: A specifically malformed Authorization header in an incoming SIP request can cause Asterisk to crash
User Notes:
Upgrade Notes:
Developer Notes:
Commit Authors:
- George Joseph: (1)
Issue and Commit Detail:
Closed Issues:
- !GHSA-64qc-9x89-rx5j: A specifically malformed Authorization header in an incoming SIP request can cause Asterisk to crash
Commits By Author:
-
George Joseph (1):
- res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL.
Commit List:
- res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL.
Commit Details:
res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL.
Author: George Joseph
Date: 2025-08-28
In the highly-unlikely event that get_authorization_hdr() couldn't find an
Authorization header in a request, trying to get the digest algorithm
would cauase a SEGV. We now check that we have an auth header that matches
the realm before trying to get the algorithm from it.
Resolves: #GHSA-64qc-9x89-rx5j