CVE-2021-26713
Gentoo Linux Security Advisory 202412-03
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.
Un desbordamiento del búfer en la región stack de la memoria en el archivo res_rtp_asterisk.c en Sangoma Asterisk versiones anteriores a 16.16.1, versiones 17.x anteriores a 17.9.2 y versiones 18.x anteriores a 18.2.1 y Certified Asterisk versiones anteriores a 16.8-cert6, permite a un cliente WebRTC autenticado causar un bloqueo de Asterisk mediante el envío de múltiples peticiones de hold/unhold en una sucesión rápida. Esto es causado por una discrepancia en la comparación de firmas
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. Versions greater than or equal to 18.24.3 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-02-05 CVE Reserved
- 2021-02-19 CVE Published
- 2024-08-03 CVE Updated
- 2025-06-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://downloads.asterisk.org/pub/security | 2021-02-26 | |
https://downloads.asterisk.org/pub/security/AST-2021-004.html | 2021-02-26 | |
https://issues.asterisk.org/jira/browse/ASTERISK-29205 | 2021-02-26 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | >= 16.0.0 < 16.16.1 Search vendor "Digium" for product "Asterisk" and version " >= 16.0.0 < 16.16.1" | - |
Affected
| ||||||
Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | >= 17.0.0 < 17.9.2 Search vendor "Digium" for product "Asterisk" and version " >= 17.0.0 < 17.9.2" | - |
Affected
| ||||||
Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | >= 18.0.0 < 18.2.1 Search vendor "Digium" for product "Asterisk" and version " >= 18.0.0 < 18.2.1" | - |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 16.8 Search vendor "Digium" for product "Certified Asterisk" and version "16.8" | - |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 16.8 Search vendor "Digium" for product "Certified Asterisk" and version "16.8" | cert1-rc1 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 16.8 Search vendor "Digium" for product "Certified Asterisk" and version "16.8" | cert1-rc2 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 16.8 Search vendor "Digium" for product "Certified Asterisk" and version "16.8" | cert1-rc3 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 16.8 Search vendor "Digium" for product "Certified Asterisk" and version "16.8" | cert1-rc4 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 16.8 Search vendor "Digium" for product "Certified Asterisk" and version "16.8" | cert2 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 16.8 Search vendor "Digium" for product "Certified Asterisk" and version "16.8" | cert3 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 16.8 Search vendor "Digium" for product "Certified Asterisk" and version "16.8" | cert4 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 16.8 Search vendor "Digium" for product "Certified Asterisk" and version "16.8" | cert4-rc1 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 16.8 Search vendor "Digium" for product "Certified Asterisk" and version "16.8" | cert4-rc2 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 16.8 Search vendor "Digium" for product "Certified Asterisk" and version "16.8" | cert4-rc3 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 16.8 Search vendor "Digium" for product "Certified Asterisk" and version "16.8" | cert4-rc4 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 16.8 Search vendor "Digium" for product "Certified Asterisk" and version "16.8" | cert5 |
Affected
|