7.5
CVE-2021-32558
- EPSS 9.11%
- Veröffentlicht 30.07.2021 14:15:16
- Zuletzt bearbeitet 21.11.2024 06:07:16
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Digium ≫ Certified Asterisk Version16.8 Update-
Digium ≫ Certified Asterisk Version16.8 Updatecert1-rc1
Digium ≫ Certified Asterisk Version16.8 Updatecert1-rc2
Digium ≫ Certified Asterisk Version16.8 Updatecert1-rc3
Digium ≫ Certified Asterisk Version16.8 Updatecert1-rc4
Digium ≫ Certified Asterisk Version16.8 Updatecert2
Digium ≫ Certified Asterisk Version16.8 Updatecert3
Digium ≫ Certified Asterisk Version16.8 Updatecert4
Digium ≫ Certified Asterisk Version16.8 Updatecert4-rc1
Digium ≫ Certified Asterisk Version16.8 Updatecert4-rc2
Digium ≫ Certified Asterisk Version16.8 Updatecert4-rc3
Digium ≫ Certified Asterisk Version16.8 Updatecert4-rc4
Digium ≫ Certified Asterisk Version16.8 Updatecert5
Digium ≫ Certified Asterisk Version16.8 Updatecert6
Digium ≫ Certified Asterisk Version16.8 Updatecert7
Digium ≫ Certified Asterisk Version16.8 Updatecert8
Digium ≫ Certified Asterisk Version16.8 Updatecert9
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version11.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.11% | 0.947 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
https://www.debian.org/security/2021/dsa-4999
http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html
http://seclists.org/fulldisclosure/2021/Jul/49
https://downloads.asterisk.org/pub/security/AST-2021-008.html
https://issues.asterisk.org/jira/browse/ASTERISK-29392
https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html