CVSS: 6.5 • EPSS: 0% • CPEs: 16 • EXPL: 0

A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch. • https://downloads.asterisk.org/pub/security https://downloads.asterisk.org/pub/security/AST-2021-004.html https://issues.asterisk.org/jira/browse/ASTERISK-29205 • CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 1% • CPEs: 17 • EXPL: 0

Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets. • http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html http://seclists.org/fulldisclosure/2021/Feb/59 https://downloads.asterisk.org/pub/security https://downloads.asterisk.org/pub/security/AST-2021-003.html https://issues.asterisk.org/jira/browse/ASTERISK-29260

CVSS: 5.9 • EPSS: 0% • CPEs: 17 • EXPL: 0

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure. • http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html http://seclists.org/fulldisclosure/2021/Feb/61 https://downloads.asterisk.org/pub/security https://downloads.asterisk.org/pub/security/AST-2021-005.html https://issues.asterisk.org/jira/browse/ASTERISK-29196 • CWE-404: Improper Resource Shutdown or Release

CVSS: 7.5 • EPSS: 0% • CPEs: 16 • EXPL: 0

An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash. • http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html http://seclists.org/fulldisclosure/2021/Feb/58 https://downloads.asterisk.org/pub/security https://downloads.asterisk.org/pub/security/AST-2021-002.html https://issues.asterisk.org/jira/browse/ASTERISK-29203

CVSS: 5.3 • EPSS: 0% • CPEs: 16 • EXPL: 1

A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1, and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, was dereferenced or accessed next by the initial-creation thread. • http://downloads.asterisk.org/pub/security/AST-2020-001.html https://issues.asterisk.org/jira/browse/ASTERISK-29057 • CWE-404: Improper Resource Shutdown or Release