CVE-2019-18976
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.
Se detectó un problema en el archivo res_pjsip_t38.c en Sangoma Asterisk versiones hasta 13.x y Certified Asterisk versiones hasta 13.21-x. Si recibe una nueva invitación para iniciar el envío de faxes T.38 y tiene un puerto de 0 y sin línea c en el SDP, se producirá una desreferencia del puntero NULL y un bloqueo. Esto es diferente de CVE-2019-18940.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-11-14 CVE Reserved
- 2019-11-21 CVE Published
- 2024-08-05 CVE Updated
- 2024-11-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | Mailing List |
|
| https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html | Third Party Advisory |
|
| https://seclists.org/fulldisclosure/2019/Nov/20 | Mailing List |
|
| https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://downloads.asterisk.org/pub/security/AST-2019-008.html | 2022-06-03 | |
| https://www.asterisk.org/downloads/security-advisories | 2022-06-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | >= 13.0.0 <= 13.29.1 Search vendor "Digium" for product "Asterisk" and version " >= 13.0.0 <= 13.29.1" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.21 Search vendor "Digium" for product "Certified Asterisk" and version "13.21" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.21 Search vendor "Digium" for product "Certified Asterisk" and version "13.21" | cert1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.21 Search vendor "Digium" for product "Certified Asterisk" and version "13.21" | cert2 |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.21 Search vendor "Digium" for product "Certified Asterisk" and version "13.21" | cert3 |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.21 Search vendor "Digium" for product "Certified Asterisk" and version "13.21" | cert4 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||