Published: 09/09/2019 Updated: 30/08/2022

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 357

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

res_pjsip_t38 in Sangoma Asterisk 15.x prior to 15.7.4 and 16.x prior to 16.5.1 allows an malicious user to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.

Vulnerable Product	Search on Vulmon	Subscribe to Product
digium asterisk

Debian Bug report logs - #1018073 asterisk: CVE-2021-46837 AST-2021-006 crash when receiving m=image 0 udptl t38 re-invite fixed in 16162 Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Beno ...

Debian Bug report logs - #940060 asterisk: CVE-2019-15297: AST-2019-004: Crash when negotiating for T38 with a declined stream Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 11 Sep ...

CWE-476 http://downloads.asterisk.org/pub/security/AST-2019-004.html http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html http://seclists.org/fulldisclosure/2021/Mar/5 http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018073

CVE-2019-15297

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect