PT-2021-17111 · Sangoma+1 · Asterisk+1
Gmza
+1
·
Published
2021-02-18
·
Updated
2025-02-13
·
CVE-2021-26717
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Sangoma Asterisk versions 16.x through 16.16.0
Sangoma Asterisk versions 17.x through 17.9.1
Sangoma Asterisk versions 18.x through 18.2.0
Certified Asterisk versions prior to 16.8-cert6
Description
An issue was discovered in Sangoma Asterisk. When re-negotiating for T.38, if the initial remote response was delayed, Asterisk would send both audio and T.38 in the SDP. If this happened and the remote responded with a declined T.38 stream, then Asterisk would crash.
Recommendations
For Sangoma Asterisk versions 16.x through 16.16.0, update to version 16.16.1 or later.
For Sangoma Asterisk versions 17.x through 17.9.1, update to version 17.9.2 or later.
For Sangoma Asterisk versions 18.x through 18.2.0, update to version 18.2.1 or later.
For Certified Asterisk versions prior to 16.8-cert6, update to version 16.8-cert6 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Asterisk