Lucene search
Veracode Vulnerability DatabaseVERACODE:29469HistoryFeb 24, 2021 - 3:27 a.m.
Denial Of Service Through SDP Negotiation
2021-02-2403:27:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.002 Low
EPSS
Percentile
57.0%
asterisk:sid is vulnerable to denial of service. The vulnerability exists in res_pjsip_session.c in Digium Asterisk where SDP negotiation in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.
| CPE | Name | Operator | Version |
|---|---|---|---|
| asterisk:sid | eq | 1:16.15.0~dfsg-1 | |
| asterisk:3.12 | eq | 16.7.0-r0 | |
| asterisk:edge | eq | 16.7.0-r0 |
References
packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html
seclists.org/fulldisclosure/2021/Feb/61
downloads.asterisk.org/pub/security/
downloads.asterisk.org/pub/security/AST-2021-005.html
issues.asterisk.org/jira/browse/ASTERISK-29196
security-tracker.debian.org/tracker/CVE-2021-26906
Related
openvas
openvas
Asterisk DoS Vulnerability (AST-2021-005)
2021-02-19 00:00:00
ubuntucve
ubuntucve
CVE-2021-26906
2021-02-18 00:00:00
nvd
nvd
CVE-2021-26906
2021-02-18 20:15:12
alpinelinux
alpinelinux
CVE-2021-26906
2021-02-18 20:15:12
redhatcve
redhatcve
CVE-2021-26906
2022-05-21 00:00:24
osv
osv
CVE-2021-26906
2021-02-18 20:15:12
nessus
nessus
freebsd
freebsd
asterisk -- Remote Crash Vulnerability in PJSIP channel driver
2021-02-08 00:00:00
debiancve
debiancve
CVE-2021-26906
2021-02-18 20:15:12
prion
prion
Design/Logic Flaw
2021-02-18 20:15:00
cvelist
cvelist
CVE-2021-26906
2021-02-18 19:50:04
cve
cve
CVE-2021-26906
2021-02-18 20:15:12