PT-2021-17107 · Sangoma+1 · Asterisk+1

Edvin Vidmar +1 · Published 2021-02-19 · Updated 2025-02-13 · CVE-2021-26713

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Sangoma Asterisk versions prior to 16.16.1
Sangoma Asterisk versions 17.x prior to 17.9.2
Sangoma Asterisk versions 18.x prior to 18.2.1
Certified Asterisk versions prior to 16.8-cert6

Description

A stack-based buffer overflow in res_rtp_asterisk.c allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.

Recommendations

For Sangoma Asterisk versions prior to 16.16.1, update to version 16.16.1 or later.
For Sangoma Asterisk versions 17.x prior to 17.9.2, update to version 17.9.2 or later.
For Sangoma Asterisk versions 18.x prior to 18.2.1, update to version 18.2.1 or later.
For Certified Asterisk versions prior to 16.8-cert6, update to version 16.8-cert6 or later.
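
The following is an added example, not part of the advisory or of any vendor tooling: a Python check that compares a version string, such as the one printed by `asterisk -V`, against the fixed releases listed above. The function names and sample strings are constructed for illustration, and pre-release suffixes such as `-rc1` are assumed absent and ignored.

```python
import re

# Fixed releases, copied from the advisory text above.
FIXED_BY_BRANCH = {17: (17, 9, 2), 18: (18, 2, 1)}
FIXED_BASELINE = (16, 16, 1)   # "versions prior to 16.16.1"
FIXED_CERTIFIED = (16, 8, 6)   # "prior to 16.8-cert6", as (major, minor, cert)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-cert(\d+))?")


def parse_version(text):
    """Return (is_certified, version_tuple) from e.g. 'Asterisk 18.2.0'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Asterisk version found in {text!r}")
    major, minor, patch, cert = m.groups()
    if cert is not None:
        # Certified releases are ordered by major.minor and cert number.
        return True, (int(major), int(minor), int(cert))
    return False, (int(major), int(minor), int(patch or 0))


def is_affected(text):
    """True if the version falls in a range the advisory lists as affected."""
    certified, version = parse_version(text)
    if certified:
        return version < FIXED_CERTIFIED
    fixed = FIXED_BY_BRANCH.get(version[0])
    if fixed is not None:
        return version < fixed
    # Remaining branches are judged against 16.16.1; releases above the
    # listed ranges (for example 19.x) therefore compare as not affected.
    return version < FIXED_BASELINE


# Constructed sample inputs (not taken from any real host).
SAMPLES = ["Asterisk 16.16.0", "Asterisk 17.9.2", "Asterisk 18.2.0",
           "Asterisk certified/16.8-cert5", "Asterisk certified/16.8-cert6"]

if __name__ == "__main__":
    for sample in SAMPLES:
        state = "AFFECTED, update" if is_affected(sample) else "not affected"
        print(f"{sample}: {state}")
```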

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2023-6874
ALT-PU-2025-2613
CVE-2021-26713

Affected Products

Alt Linux
Asterisk