Null pointer dereference

2019-07-1220:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.8%

JSON

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).

CPENameOperatorVersion
debian_linuxeq8.0
debian_linuxeq9.0
asteriskge15.0.0
asterisklt15.7.3
asteriskge16.0.0
asterisklt16.4.1
asteriskge13.0.0
asterisklt13.27.1
certified_asteriskeq11.6 cert13
certified_asteriskeq1.8.14.0 rc1

Name	Operator	Version
debian_linux	eq	8.0
debian_linux	eq	9.0
asterisk	ge	15.0.0
asterisk	lt	15.7.3
asterisk	ge	16.0.0
asterisk	lt	16.4.1
asterisk	ge	13.0.0
asterisk	lt	13.27.1
certified_asterisk	eq	11.6 cert13
certified_asterisk	eq	1.8.14.0 rc1