Search for vulnerabilities
Vulnerability details: VCID-3jdb-smxh-aaam
Vulnerability ID VCID-3jdb-smxh-aaam
Aliases CVE-2019-18976
Summary An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-476 NULL Pointer Dereference
System Score Found at
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00203 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00203 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00203 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.06198 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.08581 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.08581 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.08581 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.08581 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.08581 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.08581 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.08581 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.08581 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.08581 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.11520 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.11520 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.15435 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
epss 0.15435 https://api.first.org/data/v1/epss?cve=CVE-2019-18976
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2019-18976
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18976
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18976
Reference id Reference type URL
http://downloads.asterisk.org/pub/security/AST-2019-008.html
https://api.first.org/data/v1/epss?cve=CVE-2019-18976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18976
https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html
https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html
https://seclists.org/fulldisclosure/2019/Nov/20
https://www.asterisk.org/downloads/security-advisories
https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21:*:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.21:cert3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.21:cert4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21:cert4:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2019-18976 https://nvd.nist.gov/vuln/detail/CVE-2019-18976
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-18976
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-18976
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-18976
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.24938
EPSS Score 0.001
Published At April 5, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.