Sangoma Asterisk is vulnerable to denial of service. The vulnerability exists because it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP resulting an application crash.
CPE | Name | Operator | Version |
---|---|---|---|
asterisk:stretch | eq | 1:13.14.1~dfsg-2+deb9u4 | |
asterisk:stretch | eq | 1:13.14.1~dfsg-2+deb9u4 |
downloads.asterisk.org/pub/security/AST-2019-008.html
lists.debian.org/debian-lts-announce/2022/04/msg00001.html
packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html
seclists.org/fulldisclosure/2019/Nov/20
security-tracker.debian.org/tracker/CVE-2019-18976
www.asterisk.org/downloads/security-advisories
www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1