PT-2019-14037 · Sangoma+1 · Asterisk+1
Gregory Massel
·
Published
2019-09-09
·
Updated
2022-11-18
·
CVE-2019-15297
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Sangoma Asterisk versions 13.21-cert4 through 15.7.3
Sangoma Asterisk versions 16.5.0
Description
The issue allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.
Recommendations
For Sangoma Asterisk versions 13.21-cert4 through 15.7.3, update to version 15.7.4 or later.
For Sangoma Asterisk version 16.5.0, update to version 16.5.1 or later.
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Asterisk