Description
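Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted in-dialog SIP MESSAGE request. The upstream advisory is AST-2019-002. The scanner checks listed under Related treat 13.27.1, 15.7.3, 16.4.1 and 13.21-cert4 as the fixed releases, so match installed versions against those rather than against the Alpine package revisions alone.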
Affected Package
Related
{"id": "ALPINE:CVE-2019-12827", "vendorId": null, "type": "alpinelinux", "bulletinFamily": "unix", "title": "CVE-2019-12827", "description": "Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.", "published": "2019-07-12T20:15:00", "modified": "2021-07-21T11:39:00", "epss": [{"cve": "CVE-2019-12827", "epss": 0.04717, "percentile": 0.9173, "modified": "2023-12-02"}], "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.0}, "severity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://security.alpinelinux.org/vuln/CVE-2019-12827", "reporter": "Alpine Linux Development Team", "references": [], "cvelist": ["CVE-2019-12827"], "immutableFields": [], "lastseen": "2023-12-02T17:25:16", "viewCount": 10, "enchantments": {"score": {"value": 7.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2019-1679"]}, {"type": "cve", "idList": ["CVE-2019-12827"]}, {"type": "debiancve", "idList": 
["DEBIANCVE:CVE-2019-12827"]}, {"type": "freebsd", "idList": ["818B2BCB-A46F-11E9-BED9-001999F8D30B"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_818B2BCBA46F11E9BED9001999F8D30B.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310142585"]}, {"type": "prion", "idList": ["PRION:CVE-2019-12827"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-12827"]}]}, "vulnersScore": 7.0}, "_state": {"score": 1701538112, "dependencies": 1701546193}, "_internal": {"score_hash": "f6b8dbfd6b9d77a40748a467e02a68ab"}, "affectedPackage": [{"OS": "Alpine", "OSVersion": "edge-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "16.4.1-r0", "operator": "lt", "packageName": "asterisk"}, {"OS": "Alpine", "OSVersion": "3.10-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "16.3.0-r2", "operator": "lt", "packageName": "asterisk"}, {"OS": "Alpine", "OSVersion": "3.11-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "16.4.1-r0", "operator": "lt", "packageName": "asterisk"}, {"OS": "Alpine", "OSVersion": "3.12-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "16.4.1-r0", "operator": "lt", "packageName": "asterisk"}, {"OS": "Alpine", "OSVersion": "3.13-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "16.4.1-r0", "operator": "lt", "packageName": "asterisk"}, {"OS": "Alpine", "OSVersion": "3.14-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "16.4.1-r0", "operator": "lt", "packageName": "asterisk"}, {"OS": "Alpine", "OSVersion": "3.15-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "16.4.1-r0", "operator": "lt", "packageName": "asterisk"}, {"OS": "Alpine", "OSVersion": "3.16-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "16.4.1-r0", "operator": "lt", "packageName": "asterisk"}, {"OS": "Alpine", "OSVersion": "3.17-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "16.4.1-r0", 
"operator": "lt", "packageName": "asterisk"}, {"OS": "Alpine", "OSVersion": "3.18-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "16.4.1-r0", "operator": "lt", "packageName": "asterisk"}, {"OS": "Alpine", "OSVersion": "3.7-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "15.6.2-r0", "operator": "lt", "packageName": "asterisk"}, {"OS": "Alpine", "OSVersion": "3.8-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "15.6.2-r0", "operator": "lt", "packageName": "asterisk"}, {"OS": "Alpine", "OSVersion": "3.9-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "15.7.4-r0", "operator": "lt", "packageName": "asterisk"}]}
{"checkpoint_advisories": [{"lastseen": "2021-12-17T11:17:22", "description": "A denial-of-service vulnerability exists in Digium Asterisk. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2020-03-01T00:00:00", "type": "checkpoint_advisories", "title": "Digium Asterisk Denial Of Service (CVE-2019-12827)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12827"], "modified": "2020-03-01T00:00:00", "id": "CPAI-2019-1679", "href": "", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-05-24T14:26:16", "description": "The Asterisk project reports :\n\nA specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.", "cvss3": {}, "published": "2019-07-15T00:00:00", "type": "nessus", "title": "FreeBSD : asterisk -- Remote crash vulnerability with MESSAGE messages (818b2bcb-a46f-11e9-bed9-001999f8d30b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12827"], "modified": "2020-01-08T00:00:00", 
"cpe": ["p-cpe:/a:freebsd:freebsd:asterisk13", "p-cpe:/a:freebsd:freebsd:asterisk15", "p-cpe:/a:freebsd:freebsd:asterisk16", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_818B2BCBA46F11E9BED9001999F8D30B.NASL", "href": "https://www.tenable.com/plugins/nessus/126666", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126666);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2019-12827\");\n\n script_name(english:\"FreeBSD : asterisk -- Remote crash vulnerability with MESSAGE messages (818b2bcb-a46f-11e9-bed9-001999f8d30b)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk project reports :\n\nA specially crafted SIP in-dialog MESSAGE message can cause Asterisk\nto crash.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://downloads.asterisk.org/pub/security/AST-2019-002.html\"\n );\n # https://vuxml.freebsd.org/freebsd/818b2bcb-a46f-11e9-bed9-001999f8d30b.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5d00b59e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", 
value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk16\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"asterisk13<13.27.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"asterisk15<15.7.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"asterisk16<16.4.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "freebsd": 
[{"lastseen": "2023-12-02T16:48:24", "description": "\n\nThe Asterisk project reports:\n\nA specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-13T00:00:00", "type": "freebsd", "title": "asterisk -- Remote crash vulnerability with MESSAGE messages", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12827"], "modified": "2019-06-13T00:00:00", "id": "818B2BCB-A46F-11E9-BED9-001999F8D30B", "href": "https://vuxml.freebsd.org/freebsd/818b2bcb-a46f-11e9-bed9-001999f8d30b.html", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-12-02T18:21:26", "description": "Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", 
"availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-12T20:15:00", "type": "debiancve", "title": "CVE-2019-12827", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12827"], "modified": "2019-07-12T20:15:00", "id": "DEBIANCVE:CVE-2019-12827", "href": "https://security-tracker.debian.org/tracker/CVE-2019-12827", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "prion": [{"lastseen": "2023-11-22T01:57:47", "description": "Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-12T20:15:00", "type": "prion", "title": "Buffer overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12827"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2019-12827", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2019-12827", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-01T14:43:34", "description": "Buffer overflow in res_pjsip_messaging in Digium Asterisk versions\n13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote\nauthenticated users to crash Asterisk by sending a specially crafted SIP\nMESSAGE message.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-12T00:00:00", "type": "ubuntucve", "title": "CVE-2019-12827", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12827"], "modified": 
"2019-07-12T00:00:00", "id": "UB:CVE-2019-12827", "href": "https://ubuntu.com/security/CVE-2019-12827", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-12-02T15:04:36", "description": "Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-12T20:15:00", "type": "cve", "title": "CVE-2019-12827", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12827"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:digium:certified_asterisk:13.21"], "id": "CVE-2019-12827", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12827", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:digium:certified_asterisk:13.21:cert3:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*", 
"cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc1:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-08-05T15:47:46", "description": "Asterisk is prone to multiple denial of service vulnerabilities.", "cvss3": {}, "published": "2019-07-12T00:00:00", "type": "openvas", "title": "Asterisk Multiple DoS Vulnerabilities (AST-2019-002, AST-2019-003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12827", "CVE-2019-13161"], "modified": "2019-08-05T00:00:00", "id": "OPENVAS:1361412562310142585", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142585", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = 'cpe:/a:digium:asterisk';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142585\");\n script_version(\"2019-08-05T06:52:30+0000\");\n script_tag(name:\"last_modification\", value:\"2019-08-05 06:52:30 +0000 (Mon, 05 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-12 02:13:53 +0000 (Fri, 12 Jul 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_cve_id(\"CVE-2019-12827\", \"CVE-2019-13161\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Asterisk Multiple DoS Vulnerabilities (AST-2019-002, AST-2019-003)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_asterisk_detect.nasl\");\n script_mandatory_keys(\"Asterisk-PBX/Installed\");\n\n script_tag(name:\"summary\", value:\"Asterisk is prone to multiple denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Asterisk is prone to multiple denial of service vulnerabilities:\n\n - Remote crash vulnerability with MESSAGE messages (CVE-2019-12827)\n\n - Remote Crash Vulnerability in chan_sip channel driver (CVE-2019-13161)\");\n\n script_tag(name:\"affected\", value:\"Asterisk Open Source 13.x, 15.x and 16.x and Certified Asterisk 13.21.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Version 13.27.1, 15.7.3, 16.4.1, 13.21-cert4 or 
later.\");\n\n script_xref(name:\"URL\", value:\"https://downloads.asterisk.org/pub/security/AST-2019-002.html\");\n script_xref(name:\"URL\", value:\"https://downloads.asterisk.org/pub/security/AST-2019-003.html\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version =~ \"^13\\.\") {\n if (version =~ \"^13\\.21cert\") {\n if (revcomp(a: version, b: \"13.21cert4\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"13.21-cert4\");\n security_message(port: port, data: report, proto: \"udp\");\n exit(0);\n }\n }\n else {\n if (version_is_less(version: version, test_version: \"13.27.1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"13.27.1\");\n security_message(port: port, data: report, proto: \"udp\");\n exit(0);\n }\n }\n}\n\nif (version =~ \"^15\\.\") {\n if (version_is_less(version: version, test_version: \"15.7.3\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.7.3\");\n security_message(port: port, data: report, proto: \"udp\");\n exit(0);\n }\n}\n\nif (version =~ \"^16\\.\") {\n if (version_is_less(version: version, test_version: \"16.4.1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"16.4.1\");\n security_message(port: port, data: report, proto: \"udp\");\n exit(0);\n }\n}\n\nexit(0);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}]}