CVE-2019-15297

🗓️ 09 Sep 2019 20:48:12Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 219 Views

res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference

Reporter	Title	Published	Views	Family All 28
FreeBSD	asterisk -- Crash when negotiating T.38 with a zero port	20 Feb 202100:00	–	freebsd
FreeBSD	asterisk -- Crash when negotiating for T.38 with a declined stream	5 Aug 201900:00	–	freebsd
AlpineLinux	CVE-2019-15297	9 Sep 201920:48	–	alpinelinux
AlpineLinux	CVE-2021-46837	30 Aug 202207:15	–	alpinelinux
Circl	CVE-2019-15297	30 Aug 202212:35	–	circl
CNVD	Digium Asterisk Code Issue Vulnerability	5 Sep 201900:00	–	cnvd
Cvelist	CVE-2019-15297	9 Sep 201920:48	–	cvelist
Debian CVE	CVE-2019-15297	9 Sep 201920:48	–	debiancve
EUVD	EUVD-2019-6304	7 Oct 202500:30	–	euvd
Tenable Nessus	FreeBSD : asterisk -- Crash when negotiating T.38 with a zero port (9e8f0766-7d21-11eb-a2be-001999f8d30b)	5 Mar 202100:00	–	nessus

NVD

Node

digium asteriskRange15.0.0–15.7.3

digium asteriskRange16.0.0–16.5.0

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html
seclists	www.seclists.org/fulldisclosure/2021/Mar/5
downloads	www.downloads.asterisk.org/pub/security/AST-2019-004.html
packetstormsecurity	www.packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html

21 Nov 2024 04:28Current

6.1Medium risk

Vulners AI Score6.1

CVSS 24

CVSS 3.16.5

EPSS0.02861

CWE-476