VuXML ID | Description |
7d53d8da-d07a-11e9-8f1a-001999f8d30b | asterisk -- Remote Crash Vulnerability in audio transcoding
The Asterisk project reports:
When audio frames are given to the audio transcoding
support in Asterisk the number of samples are examined
and as part of this a message is output to indicate that
no samples are present. A change was done to suppress
this message for a particular scenario in which the message
was not relevant. This change assumed that information
about the origin of a frame will always exist when in
reality it may not.
This issue presented itself when an RTP packet containing
no audio (and thus no samples) was received. In a particular
transcoding scenario this audio frame would get turned
into a frame with no origin information. If this new frame
was then given to the audio transcoding support a crash
would occur as no samples and no origin information would
be present. The transcoding scenario requires the genericplc
option to be set to enabled (the default) and a transcoding
path from the source format into signed linear and then
from signed linear into another format.
Note that there may be other scenarios that have not
been found which can cause an audio frame with no origin
to be given to the audio transcoding support and thus
cause a crash.
Discovery 2019-08-07 Entry 2019-09-06 asterisk13
< 13.28.1
asterisk16
< 16.5.1
https://downloads.asterisk.org/pub/security/AST-2019-005.html
CVE-2019-15639
|
972fe546-1fb6-11eb-b9d4-001999f8d30b | asterisk -- Remote crash in res_pjsip_session
The Asterisk project reports:
Upon receiving a new SIP Invite, Asterisk did not
return the created dialog locked or referenced. This
caused a gap between the creation of the dialog object,
and its next use by the thread that created it. Depending
upon some off nominal circumstances, and timing it was
possible for another thread to free said dialog in this
gap. Asterisk could then crash when the dialog object,
or any of its dependent objects were de-referenced, or
accessed next by the initial creation thread.
Discovery 2020-11-05 Entry 2020-11-05 asterisk13
< 13.37.1
asterisk16
< 16.14.1
asterisk18
< 18.0.1
https://downloads.asterisk.org/pub/security/AST-2020-001.html
|
1bb2826b-7229-11eb-8386-001999f8d30b | asterisk -- Remote Crash Vulnerability in PJSIP channel driver
The Asterisk project reports:
Given a scenario where an outgoing call is placed from
Asterisk to a remote SIP server it is possible for a crash
to occur.
Discovery 2021-02-08 Entry 2021-02-18 asterisk13
< 13.38.2
asterisk16
< 16.16.1
asterisk18
< 18.2.1
CVE-2021-26906
https://downloads.asterisk.org/pub/security/AST-2021-005.html
|
964c5460-9c66-11ec-ad3a-001999f8d30b | asterisk -- multiple vulnerabilities
The Asterisk project reports:
AST-2022-004 - The header length on incoming STUN
messages that contain an ERROR-CODE attribute is not
properly checked. This can result in an integer underflow.
Note, this requires ICE or WebRTC support to be in use
with a malicious remote party.
AST-2022-005 - When acting as a UAC, and when placing
an outgoing call to a target that then forks Asterisk may
experience undefined behavior (crashes, hangs, etc) after
a dialog set is prematurely freed.
AST-2022-006 - If an incoming SIP message contains a
malformed multi-part body an out of bounds read access
may occur, which can result in undefined behavior. Note,
its currently uncertain if there is any externally
exploitable vector within Asterisk for this issue, but
providing this as a security issue out of caution.
Discovery 2022-03-03 Entry 2022-03-05 asterisk16
< 16.24.1
asterisk18
< 18.10.1
CVE-2021-37706
CVE-2022-23608
CVE-2022-21723
https://downloads.asterisk.org/pub/security/AST-2022-004.html
https://downloads.asterisk.org/pub/security/AST-2022-005.html
https://downloads.asterisk.org/pub/security/AST-2022-006.html
|
fb3455be-ebf6-11eb-aef1-0897988a1c07 | asterisk -- Remote crash when using IAX2 channel driver
The Asterisk project reports:
If the IAX2 channel driver receives a packet that
contains an unsupported media format it can cause a crash
to occur in Asterisk.
Discovery 2021-04-13 Entry 2021-07-23 asterisk13
< 13.38.3
asterisk16
< 16.19.1
asterisk18
< 18.5.1
CVE-2021-32558
https://downloads.asterisk.org/pub/security/AST-2021-008.html
|
a5de43ed-bc49-11ec-b516-0897988a1c07 | Asterisk -- func_odbc: Possible SQL Injection
The Asterisk project reports:
Some databases can use backslashes to escape certain
characters, such as backticks. If input is provided to
func_odbc which includes backslashes it is possible for
func_odbc to construct a broken SQL query and the SQL
query to fail.
Discovery 2022-04-14 Entry 2022-04-14 asterisk16
< 16.25.2
asterisk18
< 18.11.2
CVE-2022-26651
https://downloads.asterisk.org/pub/security/AST-2022-003.html
|
53fbffe6-ebf7-11eb-aef1-0897988a1c07 | asterisk -- pjproject/pjsip: crash when SSL socket destroyed during handshake
The Asterisk project reports:
Depending on the timing, it's possible for Asterisk to
crash when using a TLS connection if the underlying socket
parent/listener gets destroyed during the handshake.
Discovery 2021-05-05 Entry 2021-07-23 asterisk13
< 13.38.3
asterisk16
< 16.19.1
asterisk18
< 18.5.1
CVE-2021-32686
https://downloads.asterisk.org/pub/security/AST-2021-009.html
|
6adf6ce0-44a6-11eb-95b7-001999f8d30b | asterisk -- Remote crash in res_pjsip_diversion
The Asterisk project reports:
AST-2020-003: A crash can occur in Asterisk when a SIP
message is received that has a History-Info header, which
contains a tel-uri.
AST-2020-004: A crash can occur in Asterisk when a SIP
181 response is received that has a Diversion header,
which contains a tel-uri.
Discovery 2020-12-02 Entry 2020-12-22 asterisk13
< 13.38.1
asterisk16
< 16.15.1
asterisk18
< 18.1.1
https://downloads.asterisk.org/pub/security/AST-2020-003.html
https://downloads.asterisk.org/pub/security/AST-2020-004.html
|
9e8f0766-7d21-11eb-a2be-001999f8d30b | asterisk -- Crash when negotiating T.38 with a zero port
The Asterisk project reports:
When Asterisk sends a re-invite initiating T.38 faxing
and the endpoint responds with a m=image line and zero
port, a crash will occur in Asterisk. This is a reoccurrence
of AST-2019-004.
Discovery 2021-02-20 Entry 2021-03-04 asterisk16
< 16.16.2
asterisk18
< 18.2.2
CVE-2019-15297
https://downloads.asterisk.org/pub/security/AST-2021-006.html
|
29b7f0be-1fb7-11eb-b9d4-001999f8d30b | asterisk -- Outbound INVITE loop on challenge with different nonce
The Asterisk project reports:
If Asterisk is challenged on an outbound INVITE and
the nonce is changed in each response, Asterisk will
continually send INVITEs in a loop. This causes Asterisk
to consume more and more memory since the transaction
will never terminate (even if the call is hung up),
ultimately leading to a restart or shutdown of Asterisk.
Outbound authentication must be configured on the endpoint
for this to occur.
Discovery 2020-11-05 Entry 2020-11-05 asterisk13
< 13.37.1
asterisk16
< 16.14.1
asterisk18
< 18.0.1
https://downloads.asterisk.org/pub/security/AST-2020-002.html
|
d94c08d2-d079-11e9-8f1a-001999f8d30b | asterisk -- Crash when negotiating for T.38 with a declined stream
The Asterisk project reports:
When Asterisk sends a re-invite initiating T.38 faxing,
and the endpoint responds with a declined media stream a
crash will then occur in Asterisk.
Discovery 2019-08-05 Entry 2019-09-06 asterisk15
< 15.7.4
asterisk16
< 16.5.1
https://downloads.asterisk.org/pub/security/AST-2019-004.html
CVE-2019-15297
|
a8d94711-0d03-11ea-87ca-001999f8d30b | asterisk -- SIP request can change address of a SIP peer
The Asterisk project reports:
A SIP request can be sent to Asterisk that can change
a SIP peers IP address. A REGISTER does not need to occur,
and calls can be hijacked as a result. The only thing
that needs to be known is the peers name; authentication
details such as passwords do not need to be known. This
vulnerability is only exploitable when the nat option is
set to the default, or auto_force_rport.
Discovery 2019-10-17 Entry 2019-11-22 asterisk13
< 13.29.2
asterisk16
< 16.6.2
https://downloads.asterisk.org/pub/security/AST-2019-006.html
CVE-2019-18790
|
49b61ab6-0d04-11ea-87ca-001999f8d30b | asterisk -- AMI user could execute system commands
The Asterisk project reports:
A remote authenticated Asterisk Manager Interface (AMI)
user without system authorization could use a specially
crafted Originate AMI request to execute arbitrary system
commands.
Discovery 2019-10-10 Entry 2019-11-22 asterisk13
< 13.29.2
asterisk16
< 16.6.2
https://downloads.asterisk.org/pub/security/AST-2019-007.html
CVE-2019-18610
|