CVE-2019-13161

EPSS 2.29%
Published 12.07.2019 20:15:11
Last modified 21.11.2024 04:24:19
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Digium ≫ Certified Asterisk Version1.8.0.0 Update-

Digium ≫ Certified Asterisk Version1.8.0.0 Updatebeta1

Digium ≫ Certified Asterisk Version1.8.0.0 Updatebeta2

Digium ≫ Certified Asterisk Version1.8.0.0 Updatebeta3

Digium ≫ Certified Asterisk Version1.8.0.0 Updatebeta4

Digium ≫ Certified Asterisk Version1.8.0.0 Updatebeta5

Digium ≫ Certified Asterisk Version1.8.0.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.0.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.0.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.0.0 Updaterc4

Digium ≫ Certified Asterisk Version1.8.0.0 Updaterc5

Digium ≫ Certified Asterisk Version1.8.1.0 Update-

Digium ≫ Certified Asterisk Version1.8.1.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.2.0 Update-

Digium ≫ Certified Asterisk Version1.8.2.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.3.0 Update-

Digium ≫ Certified Asterisk Version1.8.3.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.3.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.3.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.4.0 Update-

Digium ≫ Certified Asterisk Version1.8.4.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.4.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.4.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.5.0 Update-

Digium ≫ Certified Asterisk Version1.8.5.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.6.0 Update-

Digium ≫ Certified Asterisk Version1.8.6.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.6.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.6.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.7.0 Update-

Digium ≫ Certified Asterisk Version1.8.7.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.7.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.8.0 Update-

Digium ≫ Certified Asterisk Version1.8.8.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.8.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.8.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.8.0 Updaterc4

Digium ≫ Certified Asterisk Version1.8.8.0 Updaterc5

Digium ≫ Certified Asterisk Version1.8.9.0 Update-

Digium ≫ Certified Asterisk Version1.8.9.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.9.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.9.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.10.0 Update-

Digium ≫ Certified Asterisk Version1.8.10.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.10.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.10.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.10.0 Updaterc4

Digium ≫ Certified Asterisk Version1.8.11 Updatecert

Digium ≫ Certified Asterisk Version1.8.11 Updatecert1

Digium ≫ Certified Asterisk Version1.8.11 Updatecert10

Digium ≫ Certified Asterisk Version1.8.11 Updatecert2

Digium ≫ Certified Asterisk Version1.8.11 Updatecert3

Digium ≫ Certified Asterisk Version1.8.11 Updatecert3-rc1

Digium ≫ Certified Asterisk Version1.8.11 Updatecert3-rc2

Digium ≫ Certified Asterisk Version1.8.11 Updatecert4

Digium ≫ Certified Asterisk Version1.8.11 Updatecert5

Digium ≫ Certified Asterisk Version1.8.11 Updatecert5-rc1

Digium ≫ Certified Asterisk Version1.8.11 Updatecert5-rc2

Digium ≫ Certified Asterisk Version1.8.11 Updatecert6

Digium ≫ Certified Asterisk Version1.8.11 Updatecert7

Digium ≫ Certified Asterisk Version1.8.11 Updatecert8

Digium ≫ Certified Asterisk Version1.8.11 Updatecert9

Digium ≫ Certified Asterisk Version1.8.11 Updatecert9-rc1

Digium ≫ Certified Asterisk Version1.8.11.0 Update-

Digium ≫ Certified Asterisk Version1.8.11.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.11.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.11.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.12.0 Update-

Digium ≫ Certified Asterisk Version1.8.12.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.12.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.12.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.13.0 Update-

Digium ≫ Certified Asterisk Version1.8.13.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.13.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.14.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.14.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.15 Update-

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1-rc1

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1-rc2

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1-rc3

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1_rc1

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1_rc2

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1_rc3

Digium ≫ Certified Asterisk Version1.8.15 Updatecert2

Digium ≫ Certified Asterisk Version1.8.15 Updatecert3

Digium ≫ Certified Asterisk Version1.8.15 Updatecert4

Digium ≫ Certified Asterisk Version1.8.15 Updatecert5

Digium ≫ Certified Asterisk Version1.8.15 Updatecert6

Digium ≫ Certified Asterisk Version1.8.15 Updatecert7

Digium ≫ Certified Asterisk Version1.8.28

Digium ≫ Certified Asterisk Version1.8.28 Updatecert1 SwEditionlts

Digium ≫ Certified Asterisk Version1.8.28 Updatecert1-rc1

Digium ≫ Certified Asterisk Version1.8.28 Updatecert2

Digium ≫ Certified Asterisk Version1.8.28 Updatecert2 SwEditionlts

Digium ≫ Certified Asterisk Version1.8.28 Updatecert3

Digium ≫ Certified Asterisk Version1.8.28 Updatecert4

Digium ≫ Certified Asterisk Version1.8.28 Updatecert5

Digium ≫ Certified Asterisk Version1.8.28.0 SwEditionlts

Digium ≫ Certified Asterisk Version11.0.0

Digium ≫ Certified Asterisk Version11.0.0 Updaterc1

Digium ≫ Certified Asterisk Version11.0.0 Updaterc2

Digium ≫ Certified Asterisk Version11.1.0

Digium ≫ Certified Asterisk Version11.1.0 Updaterc1

Digium ≫ Certified Asterisk Version11.1.0 Updaterc2

Digium ≫ Certified Asterisk Version11.1.0 Updaterc3

Digium ≫ Certified Asterisk Version11.2 Updatecert1

Digium ≫ Certified Asterisk Version11.2 Updatecert1-rc2

Digium ≫ Certified Asterisk Version11.2 Updatecert2

Digium ≫ Certified Asterisk Version11.2 Updatecert3

Digium ≫ Certified Asterisk Version11.3.0

Digium ≫ Certified Asterisk Version11.3.0 Updaterc1

Digium ≫ Certified Asterisk Version11.3.0 Updaterc2

Digium ≫ Certified Asterisk Version11.4.0

Digium ≫ Certified Asterisk Version11.4.0 Updaterc1

Digium ≫ Certified Asterisk Version11.4.0 Updaterc2

Digium ≫ Certified Asterisk Version11.4.0 Updaterc3

Digium ≫ Certified Asterisk Version11.5.0

Digium ≫ Certified Asterisk Version11.5.0 Updaterc1

Digium ≫ Certified Asterisk Version11.5.0 Updaterc2

Digium ≫ Certified Asterisk Version11.6 Updatecert1

Digium ≫ Certified Asterisk Version11.6 Updatecert1 SwEditionlts

Digium ≫ Certified Asterisk Version11.6 Updatecert1-rc1

Digium ≫ Certified Asterisk Version11.6 Updatecert1-rc2

Digium ≫ Certified Asterisk Version11.6 Updatecert1_rc1

Digium ≫ Certified Asterisk Version11.6 Updatecert1_rc2

Digium ≫ Certified Asterisk Version11.6 Updatecert10

Digium ≫ Certified Asterisk Version11.6 Updatecert11

Digium ≫ Certified Asterisk Version11.6 Updatecert12

Digium ≫ Certified Asterisk Version11.6 Updatecert12 SwEditionlts

Digium ≫ Certified Asterisk Version11.6 Updatecert13

Digium ≫ Certified Asterisk Version11.6 Updatecert13 SwEditionlts

Digium ≫ Certified Asterisk Version11.6 Updatecert14

Digium ≫ Certified Asterisk Version11.6 Updatecert14 SwEditionlts

Digium ≫ Certified Asterisk Version11.6 Updatecert14-rc1

Digium ≫ Certified Asterisk Version11.6 Updatecert14-rc2

Digium ≫ Certified Asterisk Version11.6 Updatecert15

Digium ≫ Certified Asterisk Version11.6 Updatecert15 SwEditionlts

Digium ≫ Certified Asterisk Version11.6 Updatecert16

Digium ≫ Certified Asterisk Version11.6 Updatecert17

Digium ≫ Certified Asterisk Version11.6 Updatecert18

Digium ≫ Certified Asterisk Version11.6 Updatecert2

Digium ≫ Certified Asterisk Version11.6 Updatecert2 SwEditionlts

Digium ≫ Certified Asterisk Version11.6 Updatecert3

Digium ≫ Certified Asterisk Version11.6 Updatecert3 SwEditionlts

Digium ≫ Certified Asterisk Version11.6 Updatecert4

Digium ≫ Certified Asterisk Version11.6 Updatecert4 SwEditionlts

Digium ≫ Certified Asterisk Version11.6 Updatecert5

Digium ≫ Certified Asterisk Version11.6 Updatecert5 SwEditionlts

Digium ≫ Certified Asterisk Version11.6 Updatecert6

Digium ≫ Certified Asterisk Version11.6 Updatecert6 SwEditionlts

Digium ≫ Certified Asterisk Version11.6 Updatecert7

Digium ≫ Certified Asterisk Version11.6 Updatecert7 SwEditionlts

Digium ≫ Certified Asterisk Version11.6 Updatecert8

Digium ≫ Certified Asterisk Version11.6 Updatecert8 SwEditionlts

Digium ≫ Certified Asterisk Version11.6 Updatecert9

Digium ≫ Certified Asterisk Version11.6.0 SwEditionlts

Digium ≫ Certified Asterisk Version11.6.0 Update-

Digium ≫ Certified Asterisk Version11.6.0 Updaterc1

Digium ≫ Certified Asterisk Version11.6.0 Updaterc2

Digium ≫ Certified Asterisk Version13.1 Updatecert1

Digium ≫ Certified Asterisk Version13.1 Updatecert1-rc1

Digium ≫ Certified Asterisk Version13.1 Updatecert1-rc3

Digium ≫ Certified Asterisk Version13.1 Updatecert2

Digium ≫ Certified Asterisk Version13.1 Updatecert3

Digium ≫ Certified Asterisk Version13.1 Updatecert3-rc1

Digium ≫ Certified Asterisk Version13.1 Updatecert4

Digium ≫ Certified Asterisk Version13.1 Updatecert5

Digium ≫ Certified Asterisk Version13.1 Updatecert6

Digium ≫ Certified Asterisk Version13.1 Updatecert7

Digium ≫ Certified Asterisk Version13.1 Updatecert8

Digium ≫ Certified Asterisk Version13.1.0

Digium ≫ Certified Asterisk Version13.1.0 Updaterc1

Digium ≫ Certified Asterisk Version13.1.0 Updaterc2

Digium ≫ Certified Asterisk Version13.8 Updatecert1

Digium ≫ Certified Asterisk Version13.8 Updatecert1-rc2

Digium ≫ Certified Asterisk Version13.8 Updatecert1-rc3

Digium ≫ Certified Asterisk Version13.8 Updatecert1_rc1

Digium ≫ Certified Asterisk Version13.8 Updatecert1_rc2

Digium ≫ Certified Asterisk Version13.8 Updatecert1_rc3

Digium ≫ Certified Asterisk Version13.8 Updatecert2

Digium ≫ Certified Asterisk Version13.8 Updatecert2-rc1

Digium ≫ Certified Asterisk Version13.8 Updatecert2_rc1

Digium ≫ Certified Asterisk Version13.8 Updatecert3

Digium ≫ Certified Asterisk Version13.8 Updatecert4

Digium ≫ Certified Asterisk Version13.8.0

Digium ≫ Certified Asterisk Version13.8.0 Updaterc1

Digium ≫ Certified Asterisk Version13.13 Updatecert1-rc1

Digium ≫ Certified Asterisk Version13.13 Updatecert1-rc2

Digium ≫ Certified Asterisk Version13.13 Updatecert1-rc3

Digium ≫ Certified Asterisk Version13.13 Updatecert1-rc4

Digium ≫ Certified Asterisk Version13.13 Updatecert2

Digium ≫ Certified Asterisk Version13.13 Updatecert3

Digium ≫ Certified Asterisk Version13.13 Updatecert4

Digium ≫ Certified Asterisk Version13.13 Updatecert5

Digium ≫ Certified Asterisk Version13.13 Updatecert6

Digium ≫ Certified Asterisk Version13.13 Updatecert7

Digium ≫ Certified Asterisk Version13.13 Updatecert8

Digium ≫ Certified Asterisk Version13.13 Updatecert9

Digium ≫ Certified Asterisk Version13.13-cert2

Digium ≫ Certified Asterisk Version13.18 Updatecert1

Digium ≫ Certified Asterisk Version13.18 Updatecert1-rc1

Digium ≫ Certified Asterisk Version13.18 Updatecert1-rc2

Digium ≫ Certified Asterisk Version13.18 Updatecert1-rc3

Digium ≫ Certified Asterisk Version13.18 Updatecert2

Digium ≫ Certified Asterisk Version13.18 Updatecert3

Digium ≫ Certified Asterisk Version13.18 Updatecert4

Digium ≫ Certified Asterisk Version13.21 Updatecert1

Digium ≫ Certified Asterisk Version13.21 Updatecert1-rc1

Digium ≫ Certified Asterisk Version13.21 Updatecert1-rc2

Digium ≫ Certified Asterisk Version13.21 Updatecert2

Digium ≫ Certified Asterisk Version13.21 Updatecert3

Digium ≫ Asterisk Version >= 13.0.0 < 13.27.1

Digium ≫ Asterisk Version >= 15.0.0 < 15.7.3

Digium ≫ Asterisk Version >= 16.0.0 < 16.4.1

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.29%	0.84

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:N/A:P

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://downloads.digium.com/pub/security/AST-2019-003.html

Vendor Advisory

https://issues.asterisk.org/jira/browse/ASTERISK-28465

Vendor Advisory

Issue Tracking

https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2019-13161

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-13161

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-13161

EUVD