← Back

CVE-2021-46837

nvd nist
Published: Aug 30, 2022Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.

Affected (13)

Asterisk
1 product
Certified Asterisk
Digium
1 product
Asterisk
Debian
1 product
Debian Linux
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Asterisk
Certified Asterisk
Version 16.8.0
Certified Asterisk
Version 16.8.0 cert1
Certified Asterisk
Version 16.8.0 cert2
Certified Asterisk
Version 16.8.0 cert3
Certified Asterisk
Version 16.8.0 cert4
Certified Asterisk
Version 16.8.0 cert5
Certified Asterisk
Version 16.8.0 cert6
Digium
Asterisk
From 16.0.0 to 16.16.2
Asterisk
From 17.0.0 to 17.9.3
Asterisk
From 18.0.0 to 18.2.2
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 11.0
Debian Linux
Version 9.0

Related CWEs

CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

References (6)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.