Digium Certified Asterisk 13.21 Cert2

CPE Details

Digium Certified Asterisk 13.21 Cert2
digium
certified_asterisk
13.21
2019-07-09
14h28 +00:00
2019-07-09
14h28 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:*

Informations

Vendor

digium

Product

certified_asterisk

Version

13.21

Update

cert2

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2019-18976 2019-11-22 15h59 +00:00 An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.
7.5
Haute
CVE-2019-13161 2019-07-12 17h24 +00:00 An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).
5.3
Moyen
CVE-2019-12827 2019-07-12 17h19 +00:00 Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.
6.5
Moyen