Jul 12, 2019 - 8:15 p.m.

CVE-2019-13161

2019-07-12 20:15:11
CWE-476
web.nvd.nist.gov
asterisk, open source, cve-2019-13161, security, vulnerability, sdp, t.38, re-invite, chan_sip

CVSS2: 3.5 Low
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 5.3 Medium (Confidence: High)

EPSS: 0.005 Low (Percentile: 75.8%)

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).

Affected configurations

NVD
Node
digium asterisk: range 13.0.0 to 13.27.1
OR
digium asterisk: range 15.0.0 to 15.7.3
OR
digium asterisk: range 16.0.0 to 16.4.1
Node
debian debian_linux: match 8.0
OR
debian debian_linux: match 9.0
