VulnerableCode Package Details - pkg:deb/ubuntu/asterisk@1:16.2.1~dfsg-2

Search for packages

Vulnerability	Summary	Fixed by
VCID-fjw1-r4dy-aaad Aliases: CVE-2019-7251	An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.	1:16.2.1~dfsg-2build2 Affected by 0 other vulnerabilities.
VCID-rs98-z37h-aaah Aliases: CVE-2019-12827	Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.	1:16.2.1~dfsg-2build2 Affected by 0 other vulnerabilities.
VCID-wwjf-nr13-aaaj Aliases: CVE-2019-13161	An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).	1:16.2.1~dfsg-2build2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-fjw1-r4dy-aaad
Aliases:
CVE-2019-7251

An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.

1:16.2.1~dfsg-2build2
Affected by 0 other vulnerabilities.

VCID-rs98-z37h-aaah
Aliases:
CVE-2019-12827

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

1:16.2.1~dfsg-2build2
Affected by 0 other vulnerabilities.

VCID-wwjf-nr13-aaaj
Aliases:
CVE-2019-13161

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).

1:16.2.1~dfsg-2build2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Next non-vulnerable version	1:16.2.1~dfsg-2build2
Latest non-vulnerable version	1:16.2.1~dfsg-2build2
Risk	3.1