An issue exists in Asterisk Open Source up to and including 13.27.0, 14.x and 15.x up to and including 15.7.2, and 16.x up to and including 16.4.0, and Certified Asterisk up to and including 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows a malicious user to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability, an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).
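A defensive check for the SDP pattern described above, as an added example that is not Asterisk's or the advisory's code: it flags an SDP answer that carries a T.38 UDPTL stream together with an RTP stream offering no permitted codec. The `ALLOWED` set (standing in for the chan_sip codec configuration), the function names and the sample bodies are assumptions constructed for illustration, as is reading "only a codec which is not permitted" as "no codec in that stream is permitted".

```python
import re

# Static RTP payload types (RFC 3551); dynamic ones are named by a=rtpmap.
STATIC_PT = {"0": "PCMU", "3": "GSM", "8": "PCMA", "9": "G722", "18": "G729"}

def parse_media(body):
    """Split an SDP body into its m= sections with their rtpmap attributes."""
    sections = []
    for line in body.replace("\r\n", "\n").split("\n"):
        if line.startswith("m="):
            parts = line[2:].split()
            if len(parts) >= 4:  # media, port, proto, at least one format
                sections.append({"media": parts[0].lower(), "proto": parts[2].upper(),
                                 "fmts": parts[3:], "rtpmap": {}})
        elif line.startswith("a=rtpmap:") and sections:
            m = re.match(r"a=rtpmap:(\d+)\s+([^/\s]+)", line)
            if m:
                sections[-1]["rtpmap"][m.group(1)] = m.group(2).upper()
    return sections

def codec_names(section):
    """Resolve each payload type of an RTP section to a codec name."""
    return {section["rtpmap"].get(pt) or STATIC_PT.get(pt, "PT" + pt)
            for pt in section["fmts"]}

def flag_t38_answer(body, allowed):
    """Return [(media, codecs)] for RTP streams with no permitted codec,
    but only when the same answer also carries a T.38 UDPTL stream."""
    sections = parse_media(body)
    has_t38 = any(s["media"] == "image" and "UDPTL" in s["proto"]
                  and "t38" in (f.lower() for f in s["fmts"]) for s in sections)
    if not has_t38:
        return []
    permitted = {c.upper() for c in allowed}
    return [(s["media"], sorted(codec_names(s))) for s in sections
            if "RTP" in s["proto"] and not (codec_names(s) & permitted)]

def build_answer(*media_lines):
    """Build a constructed SDP answer around the given media lines."""
    head = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0"]
    return "\r\n".join(head + list(media_lines)) + "\r\n"

# Constructed samples (not captured traffic); ALLOWED is an assumed codec policy.
ALLOWED = {"PCMU", "PCMA"}
T38_ONLY = build_answer("m=image 4000 udptl t38")
T38_PLUS_DISALLOWED = build_answer("m=image 4000 udptl t38", "m=audio 4002 RTP/AVP 18")
T38_PLUS_ALLOWED = build_answer("m=image 4000 udptl t38", "m=audio 4002 RTP/AVP 0")
```

A non-empty result from `flag_t38_answer` on answers received from untrusted peers is a candidate for alerting or for dropping at a SIP-aware border element while affected versions remain deployed.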
Vulnerable Product |
---|
digium certified asterisk 11.6 |
digium certified asterisk 1.8.14.0 |
digium certified asterisk 11.4.0 |
digium certified asterisk 13.1.0 |
digium certified asterisk 11.1.0 |
digium certified asterisk 1.8.0.0 |
digium certified asterisk 1.8.10.0 |
digium certified asterisk 1.8.6.0 |
digium certified asterisk 1.8.11 |
digium certified asterisk 13.8 |
digium certified asterisk 1.8.8.0 |
digium certified asterisk 1.8.12.0 |
digium certified asterisk 1.8.3.0 |
digium certified asterisk 1.8.15 |
digium certified asterisk 11.3.0 |
digium certified asterisk 1.8.11.0 |
digium certified asterisk 1.8.4.0 |
digium certified asterisk 1.8.5.0 |
digium certified asterisk 1.8.13.0 |
digium certified asterisk 1.8.28 |
digium certified asterisk 11.6.0 |
digium certified asterisk 1.8.1.0 |
digium certified asterisk 11.5.0 |
digium certified asterisk 1.8.7.0 |
digium certified asterisk 1.8.28.0 |
digium certified asterisk 11.0.0 |
digium certified asterisk 1.8.9.0 |
digium certified asterisk 13.13 |
digium certified asterisk 1.8.2.0 |
digium certified asterisk 13.1 |
digium certified asterisk 13.8.0 |
digium certified asterisk 11.2 |
digium certified asterisk 13.21 |
digium certified asterisk 13.18 |
digium certified asterisk 13.13-cert2 |
digium asterisk |
debian debian linux 8.0 |
debian debian linux 9.0 |