30 matches found
EUVD-2019-6304
Malware in sbrugna...
EUVD-2019-4689
Malware in sbrugna...
EUVD-2021-18753
Malware in sbrugna...
EUVD-2021-33492
Malicious code in bioql PyPI...
CVE-2023-40019
CVE-2023-40019 (FreeSWITCH) affects versions prior to 1.10.10. During SDP re-negotiation, an authorized user can send a re-INVITE with duplicate codec names; the system may perform more codec matches than expected, causing overflows in internal arrays and potentially corrupting the stack, leading...
CVE-2023-40019 FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...
Debian dla-3194 : asterisk - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3194 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3194-1 [email protected]...
CVE-2021-46837
respjsipt38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrenc...
CVE-2021-46837
respjsipt38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrenc...
Design/Logic Flaw
respjsipt38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrenc...
CVE-2021-46837
respjsipt38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrenc...
CVE-2021-46837
respjsipt38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrenc...
Denial Of Service (DoS)
asterisk is vulnerable to denial of service DoS attacks. A null pointer dereference in chansip while handling SDP negotiation allows an attacker to crash the system when handling an SDP answer to an outgoing T.38 re-invite...
Denial Of Service (DoS)
Sangoma Asterisk is vulnerable to denial of service. The vulnerability exists because it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP resulting an application crash...
Cross site request forgery (csrf)
An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request...
CVE-2021-31878
An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request...
Denial Of Service (DoS)
asterisk, edge is vulnerable to denial of service. It allows an attacker to trigger a crash by sending a declined stream in a response re-invite initiated by Asterisk...
FreeBSD : asterisk -- Re-invite with T.38 and malformed SDP causes crash (94c6951a-0d04-11ea-87ca-001999f8d30b)
The Asterisk project reports : If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a crash will occur. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyrig...
CVE-2019-18976
An issue was discovered in respjsipt38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940...
CVE-2019-18976
An issue was discovered in respjsipt38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940...