CVE-2019-12827

Published: 12/07/2019 Updated: 17/07/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and previous versions allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

Affected Products

Vendor | Product | Versions
Digium | Asterisk | 13.0.0, 13.0.1, 13.0.2, 13.1.0, 13.1.1, 13.2.0, 13.2.1, 13.3.0, 13.3.1, 13.3.2, 13.4.0, 13.5.0, 13.6.0, 13.7.0, 13.7.1, 13.7.2, 13.8.0, 13.8.1, 13.8.2, 13.9.0, 13.9.1, 13.10.0, 13.11.0, 13.11.1, 13.11.2, 13.12, 13.12.0, 13.12.1, 13.12.2, 13.13, 13.13.0, 13.13.1, 13.14.0, 13.14.1, 13.15.0, 13.15.1, 13.16.0, 13.17.0, 13.17.1, 13.17.2, 13.18.0, 13.18.1, 13.18.2, 13.18.3, 13.18.4, 13.18.5, 13.19.0, 13.19.1, 13.19.2, 13.20.0, 13.21.0, 13.21.1, 13.22.0, 13.23.0, 15.0.0, 15.1.0, 15.1.1, 15.1.2, 15.1.3, 15.1.4, 15.1.5, 15.2.0, 15.2.1, 15.2.2, 15.3.0, 15.4.0, 15.4.1, 15.5.0, 15.6.0, 15.6.2, 15.7.0, 15.7.1, 16.0.0, 16.0.1, 16.1.0, 16.2.0, 16.2.1
Digium | Certified Asterisk | 13.21

Vendor Advisories

Debian Bug report logs - #931981 asterisk: CVE-2019-13161: AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Salvatore Bonacco ...
Debian Bug report logs - #931980 asterisk: CVE-2019-12827: AST-2019-002: Remote crash vulnerability with MESSAGE messages Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso & ...

Mailing Lists

Asterisk Project Security Advisory - AST-2019-002 Product Asterisk Summary Remote crash vulnerability with MESSAGE messages Nature of Advisory Denial Of Service Susceptibility Remote Authenticated Sessions ...