asterisk:sid is vulnerable to denial of service. The vulnerability exists in res_pjsip_session.c in Digium Asterisk where SDP negotiation in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.
CPE | Name | Operator | Version |
---|---|---|---|
asterisk:sid | eq | 1:16.15.0~dfsg-1 | |
asterisk:3.12 | eq | 16.7.0-r0 | |
asterisk:edge | eq | 16.7.0-r0 |
packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html
seclists.org/fulldisclosure/2021/Feb/61
downloads.asterisk.org/pub/security/
downloads.asterisk.org/pub/security/AST-2021-005.html
issues.asterisk.org/jira/browse/ASTERISK-29196
security-tracker.debian.org/tracker/CVE-2021-26906