CVE-2021-46837

Published: 30/08/2022 Updated: 28/01/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

res_pjsip_t38 in Sangoma Asterisk 16.x prior to 16.16.2, 17.x prior to 17.9.3, and 18.x prior to 18.2.2, and Certified Asterisk prior to 16.8-cert7, allows a malicious user to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a recurrence of the CVE-2019-15297 symptoms, but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.

Vulnerable Products

asterisk certified asterisk 16.8.0

digium asterisk

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Debian Bug report logs - #1018073 asterisk: CVE-2021-46837 AST-2021-006 crash when receiving m=image 0 udptl t38 re-invite, fixed in 16.16.2. Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Source for asterisk is src:asterisk (PTS, buildd, popcon). Reported by: Beno ...
Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code. Special care should be taken when upgrading to this new upstream release. Some configuration files and options have cha ...