← Back

CVE-2019-18976

nvd nist
Published: Nov 22, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.

Affected (7)

Digium
2 products
Asterisk
Certified Asterisk
Debian
1 product
Debian Linux
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Asterisk
From 13.0.0 to 13.29.1
Digium
Certified Asterisk
Version 13.21
Certified Asterisk
Version 13.21 cert1
Certified Asterisk
Version 13.21 cert2
Certified Asterisk
Version 13.21 cert3
Certified Asterisk
Version 13.21 cert4
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 9.0

Related CWEs

CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

References (12)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.