返回 CVE 浏览器

CVE-2019-18976

HIGH

7.5

CVSS Severity Score

EPSS Score0.0760%

EPSS Percentile17.71th

Published2019年11月22日

Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.

Affected Platforms (CPE)

📦

Digium

Asterisk

>= 13.0.0 and <= 13.29.1

📦

Digium

Certified Asterisk

= 13.21

📦

Digium

Certified Asterisk

= 13.21

📦

Digium

Certified Asterisk

= 13.21

📦

Digium

Certified Asterisk

= 13.21

📦

Digium

Certified Asterisk

= 13.21

💻

Debian

Debian Linux

= 9.0

References & Advisories

🔗 http://downloads.asterisk.org/pub/security/AST-2019-008.html

🔗 https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html

🔗 https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html

🔗 https://seclists.org/fulldisclosure/2019/Nov/20

🔗 https://www.asterisk.org/downloads/security-advisories

🔗 https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1

🔗 http://downloads.asterisk.org/pub/security/AST-2019-008.html

🔗 https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html

相关漏洞威胁

CVE-2007-248810.0

The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attacke...

CVE-2017-141009.8

In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13...

CVE-2007-37629.3

Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edit...

CVE-2008-13909.3

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x b...