7.5

CVE-2019-18976

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DigiumAsterisk Version >= 13.0.0 <= 13.29.1
DigiumCertified Asterisk Version13.21
DigiumCertified Asterisk Version13.21 Updatecert1
DigiumCertified Asterisk Version13.21 Updatecert2
DigiumCertified Asterisk Version13.21 Updatecert3
DigiumCertified Asterisk Version13.21 Updatecert4
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.68% 0.93
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html
Third Party Advisory
Mailing List
https://www.asterisk.org/downloads/security-advisories
Vendor Advisory
http://downloads.asterisk.org/pub/security/AST-2019-008.html
Vendor Advisory
https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2019/Nov/20
Third Party Advisory
Mailing List
https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1
Third Party Advisory