CVSS: 5.9EPSS: 2%CPEs: 17EXPL: 0CVE-2021-26906 – Gentoo Linux Security Advisory 202412-03
https://notcve.org/view.php?id=CVE-2021-26906
18 Feb 2021 — An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure. Se detectó un problema en el archivo res_pjsip_session.c en Digium Asterisk versiones hasta 13.38.1; 14.x, 15.x y 16.xa 16.16.0;&... • http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 2%CPEs: 16EXPL: 0CVE-2021-26717 – Gentoo Linux Security Advisory 202412-03
https://notcve.org/view.php?id=CVE-2021-26717
18 Feb 2021 — An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash. Se detectó un problema en Sangoma Asterisk versiones 16.x anteriores a 16.16.1, versiones 17.x anteriores a 17.9.2 y versione... • http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-35652
https://notcve.org/view.php?id=CVE-2020-35652
29 Jan 2021 — An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header. Se detectó un problema en el archivo res_pjsip_diversion.c en Sangoma Asterisk versiones anteriores a 13.38.0, versiones 14.x hasta 16.x versiones anteriores a ... • https://downloads.asterisk.org/pub/security/AST-2020-003.html •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2019-18790 – Asterisk Project Security Advisory - AST-2019-006
https://notcve.org/view.php?id=CVE-2019-18790
21 Nov 2019 — An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option i... • http://downloads.asterisk.org/pub/security/AST-2019-006.html • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 54%CPEs: 11EXPL: 0CVE-2019-18610 – Asterisk Project Security Advisory - AST-2019-007
https://notcve.org/view.php?id=CVE-2019-18610
21 Nov 2019 — An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. Se detectó un problema en el archivo manager.c en Sangoma Asterisk versiones hasta 13.x, 16.x, 17.x y Certified Asterisk versiones 13.21 hasta 13.21-cert4. Un usuario de Asterisk Manager Interface (AM... • http://downloads.asterisk.org/pub/security/AST-2019-007.html • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 2%CPEs: 2EXPL: 0CVE-2019-15297 – Asterisk Project Security Advisory - AST-2021-006
https://notcve.org/view.php?id=CVE-2019-15297
05 Sep 2019 — res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference. res_pjsip_t38 en Sangoma Asterisk 15.x antes de 15.7.4 y 16.x antes de 16.5.1 permite a un atacante desencadenar un fallo enviando un flujo rechazado en una respuesta a una reinvitación T.38 iniciada por Asterisk. El fallo se produce debido a ... • http://downloads.asterisk.org/pub/security/AST-2019-004.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15639 – Asterisk Project Security Advisory - AST-2019-005
https://notcve.org/view.php?id=CVE-2019-15639
05 Sep 2019 — main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario. El archivo main/translate.c en Sangoma Asterisk versiones 13.28.0 y 16.5.0, permite a un atacante remoto enviar un paquete RTP específico durante una llamada y causar un bloqueo en un escenario específico. When audio frames are given to the audio transcoding support in Asterisk the number of samples are examined and as part of this a message i... • http://downloads.asterisk.org/pub/security/AST-2019-005.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 4%CPEs: 8EXPL: 0CVE-2019-12827 – Asterisk Project Security Advisory - AST-2019-002
https://notcve.org/view.php?id=CVE-2019-12827
12 Jul 2019 — Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message. Desbordamiento de búfer en res_pjsip_messaging en Digium Asterisk versiones 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 versiones anteriores permite a los atacantes remotos autenticados cerrar inesperadamente Asterisk enviando un mensaje SIP MESSAGE especialmente diseñado. A specially crafted SIP i... • http://downloads.digium.com/pub/security/AST-2019-002.html • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 4%CPEs: 217EXPL: 0CVE-2019-13161 – Asterisk Project Security Advisory - AST-2019-003
https://notcve.org/view.php?id=CVE-2019-13161
12 Jul 2019 — An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.3... • http://downloads.digium.com/pub/security/AST-2019-003.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-7251 – Asterisk Project Security Advisory - AST-2019-001
https://notcve.org/view.php?id=CVE-2019-7251
28 Feb 2019 — An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation. Un error en la propiedad signedness de un número entero (para código devuelto) en el módulo res_pjsip_sdp_rtp en Digium Asterisk, en versiones 15.7.1 y anteriores y en las 16.1.1 y anteriores, permite a los atacantes remotos no autenticados cerrar inesperadament... • https://downloads.asterisk.org/pub/security/AST-2019-001.html • CWE-190: Integer Overflow or Wraparound •