Debian DSA-4999-1 : asterisk - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4999 advisory. - An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before...

CVE-2021-31878

An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request...

CVE-2021-31878

An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request...

CVE-2021-31878

An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request...

Cross site request forgery (csrf)

An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request...

UBUNTU-CVE-2021-31878

An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request...

Denial Of Service (DoS)

PJSIP is vulnerable to denial of service. A race condition between callback and destroy and an insecure SSL socket parent/listener allows an attacker to cause an applicatino crash...

PJSIP competition condition issue vulnerability

PJSIP is a free and open source multimedia communications library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.A contention problem vulnerability exists in PJSIP, which stems from improper handling of concurrent access when concurrent code need...

CVE-2021-31878

An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request...

CVE-2021-31878

Affected software. Asterisk prior to 16.19.1 and prior to 18.5.1 uses the PJSIP stack. Vulnerability and root cause. An issue exists in PJSIP where a re-INVITE without SDP, received after Asterisk has sent a BYE, can be exploited. This is the explicit condition described in CVE-2021-31878. Impact...

CVE-2021-31878

An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request...

FreeBSD : pjsip -- Race condition in SSL socket server (92ad12b8-ec09-11eb-aef1-0897988a1c07)

pjsip reports : There are a couple of issues found in the SSL socket : - A race condition between callback and destroy, due to the accepted socket having no group lock. - SSL socket parent/listener may get destroyed during handshake. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

FreeBSD : asterisk -- Remote Crash Vulnerability in PJSIP channel driver (ffa364e1-ebf5-11eb-aef1-0897988a1c07)

The Asterisk project reports : When Asterisk receives a re-INVITE without SDP after having sent a BYE request a crash will occur. This occurs due to the Asterisk channel no longer being present while code assumes it is. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

CVE-2021-32686

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback a...

CVE-2021-32686

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback a...

ALPINE-CVE-2021-32686

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback a...

DEBIAN-CVE-2021-32686

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback a...

Race condition

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback a...

CVE-2021-32686

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback a...

CVE-2021-32686

CVE-2021-32686 affects the PJSIP pjproject library prior to 2.11.1. The issue is a race condition in the SSL socket: (1) the accepted socket lacks a group lock, causing a race between callback and destroy, and (2) the SSL socket parent/listener may be destroyed during TLS handshake. These intermi...