Search for vulnerabilities
Vulnerability details: VCID-x7fd-s7tx-aaac
Vulnerability ID VCID-x7fd-s7tx-aaac
Aliases CVE-2021-46837
Summary res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-476 NULL Pointer Dereference
System Score Found at
epss 0.0003 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.0003 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.0003 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.0003 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.0003 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.0003 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.0003 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.0003 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.0003 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.0003 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.0003 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.0003 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2021-46837
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46837
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46837
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-46837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
https://downloads.asterisk.org/pub/security/AST-2021-006.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
https://www.debian.org/security/2022/dsa-5285
1018073 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018073
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:-:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*
cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2021-46837 https://nvd.nist.gov/vuln/detail/CVE-2021-46837
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-46837
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-46837
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.06912
EPSS Score 0.0003
Published At May 11, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.