VuXML ID | Description |
818b2bcb-a46f-11e9-bed9-001999f8d30b | asterisk -- Remote crash vulnerability with MESSAGE messages
The Asterisk project reports:
A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.
Discovery 2019-06-13 Entry 2019-07-12 asterisk13
< 13.27.1
asterisk15
< 15.7.3
asterisk16
< 16.4.1
https://downloads.asterisk.org/pub/security/AST-2019-002.html
CVE-2019-12827
|
6adf6ce0-44a6-11eb-95b7-001999f8d30b | asterisk -- Remote crash in res_pjsip_diversion
The Asterisk project reports:
AST-2020-003: A crash can occur in Asterisk when a SIP
message is received that has a History-Info header, which
contains a tel-uri.
AST-2020-004: A crash can occur in Asterisk when a SIP
181 response is received that has a Diversion header,
which contains a tel-uri.
Discovery 2020-12-02 Entry 2020-12-22 asterisk13
< 13.38.1
asterisk16
< 16.15.1
asterisk18
< 18.1.1
https://downloads.asterisk.org/pub/security/AST-2020-003.html
https://downloads.asterisk.org/pub/security/AST-2020-004.html
|
29b7f0be-1fb7-11eb-b9d4-001999f8d30b | asterisk -- Outbound INVITE loop on challenge with different nonce
The Asterisk project reports:
If Asterisk is challenged on an outbound INVITE and
the nonce is changed in each response, Asterisk will
continually send INVITEs in a loop. This causes Asterisk
to consume more and more memory since the transaction
will never terminate (even if the call is hung up),
ultimately leading to a restart or shutdown of Asterisk.
Outbound authentication must be configured on the endpoint
for this to occur.
Discovery 2020-11-05 Entry 2020-11-05 asterisk13
< 13.37.1
asterisk16
< 16.14.1
asterisk18
< 18.0.1
https://downloads.asterisk.org/pub/security/AST-2020-002.html
|
a8d94711-0d03-11ea-87ca-001999f8d30b | asterisk -- SIP request can change address of a SIP peer
The Asterisk project reports:
A SIP request can be sent to Asterisk that can change
a SIP peers IP address. A REGISTER does not need to occur,
and calls can be hijacked as a result. The only thing
that needs to be known is the peers name; authentication
details such as passwords do not need to be known. This
vulnerability is only exploitable when the nat option is
set to the default, or auto_force_rport.
Discovery 2019-10-17 Entry 2019-11-22 asterisk13
< 13.29.2
asterisk16
< 16.6.2
https://downloads.asterisk.org/pub/security/AST-2019-006.html
CVE-2019-18790
|
972fe546-1fb6-11eb-b9d4-001999f8d30b | asterisk -- Remote crash in res_pjsip_session
The Asterisk project reports:
Upon receiving a new SIP Invite, Asterisk did not
return the created dialog locked or referenced. This
caused a gap between the creation of the dialog object,
and its next use by the thread that created it. Depending
upon some off nominal circumstances, and timing it was
possible for another thread to free said dialog in this
gap. Asterisk could then crash when the dialog object,
or any of its dependent objects were de-referenced, or
accessed next by the initial creation thread.
Discovery 2020-11-05 Entry 2020-11-05 asterisk13
< 13.37.1
asterisk16
< 16.14.1
asterisk18
< 18.0.1
https://downloads.asterisk.org/pub/security/AST-2020-001.html
|
e9d2e981-a46d-11e9-bed9-001999f8d30b | asterisk -- Remote Crash Vulnerability in chan_sip channel driver
The Asterisk project reports:
When T.38 faxing is done in Asterisk a T.38 reinvite
may be sent to an endpoint to switch it to T.38. If the
endpoint responds with an improperly formatted SDP answer
including both a T.38 UDPTL stream and an audio or video
stream containing only codecs not allowed on the SIP peer
or user a crash will occur. The code incorrectly assumes
that there will be at least one common codec when T.38
is also in the SDP answer.
Discovery 2019-06-28 Entry 2019-07-12 asterisk13
< 13.27.1
asterisk15
< 15.7.3
asterisk16
< 16.4.1
https://downloads.asterisk.org/pub/security/AST-2019-003.html
CVE-2019-13161
|
49b61ab6-0d04-11ea-87ca-001999f8d30b | asterisk -- AMI user could execute system commands
The Asterisk project reports:
A remote authenticated Asterisk Manager Interface (AMI)
user without system authorization could use a specially
crafted Originate AMI request to execute arbitrary system
commands.
Discovery 2019-10-10 Entry 2019-11-22 asterisk13
< 13.29.2
asterisk16
< 16.6.2
https://downloads.asterisk.org/pub/security/AST-2019-007.html
CVE-2019-18610
|
7d53d8da-d07a-11e9-8f1a-001999f8d30b | asterisk -- Remote Crash Vulnerability in audio transcoding
The Asterisk project reports:
When audio frames are given to the audio transcoding
support in Asterisk the number of samples are examined
and as part of this a message is output to indicate that
no samples are present. A change was done to suppress
this message for a particular scenario in which the message
was not relevant. This change assumed that information
about the origin of a frame will always exist when in
reality it may not.
This issue presented itself when an RTP packet containing
no audio (and thus no samples) was received. In a particular
transcoding scenario this audio frame would get turned
into a frame with no origin information. If this new frame
was then given to the audio transcoding support a crash
would occur as no samples and no origin information would
be present. The transcoding scenario requires the genericplc
option to be set to enabled (the default) and a transcoding
path from the source format into signed linear and then
from signed linear into another format.
Note that there may be other scenarios that have not
been found which can cause an audio frame with no origin
to be given to the audio transcoding support and thus
cause a crash.
Discovery 2019-08-07 Entry 2019-09-06 asterisk13
< 13.28.1
asterisk16
< 16.5.1
https://downloads.asterisk.org/pub/security/AST-2019-005.html
CVE-2019-15639
|
d94c08d2-d079-11e9-8f1a-001999f8d30b | asterisk -- Crash when negotiating for T.38 with a declined stream
The Asterisk project reports:
When Asterisk sends a re-invite initiating T.38 faxing,
and the endpoint responds with a declined media stream a
crash will then occur in Asterisk.
Discovery 2019-08-05 Entry 2019-09-06 asterisk15
< 15.7.4
asterisk16
< 16.5.1
https://downloads.asterisk.org/pub/security/AST-2019-004.html
CVE-2019-15297
|