Published: 12/07/2019 Updated: 21/07/2021

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and previous versions allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
digium certified asterisk 13.21
digium asterisk

Debian Bug report logs - #931980 asterisk: CVE-2019-12827: AST-2019-002: Remote crash vulnerability with MESSAGE messages Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso & ...

Debian Bug report logs - #931981 asterisk: CVE-2019-13161: AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Salvatore Bonacco ...

CWE-787 https://issues.asterisk.org/jira/browse/ASTERISK-28447 http://downloads.digium.com/pub/security/AST-2019-002.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931980

CVE-2019-12827

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect