Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2019-13161
HistoryJul 12, 2019 - 12:00 a.m.

CVE-2019-13161

2019-07-1200:00:00
ubuntu.com
ubuntu.com
10

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

75.6%

JSON

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and
15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk
through 13.21-cert3. A pointer dereference in chan_sip while handling SDP
negotiation allows an attacker to crash Asterisk when handling an SDP
answer to an outgoing T.38 re-invite. To exploit this vulnerability an
attacker must cause the chan_sip module to send a T.38 re-invite request to
them. Upon receipt, the attacker must send an SDP answer containing both a
T.38 UDPTL stream and another media stream containing only a codec (which
is not permitted according to the chan_sip configuration).

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchasterisk< anyUNKNOWN
ubuntu16.04noarchasterisk< anyUNKNOWN

Related

osv 2
cve 1
cvelist 1
freebsd 1
alpinelinux 1
debian 3
debiancve 1
nessus 3
veracode 1
prion 1
openvas 3
osv
osv
CVE-2019-13161
2019-07-12 20:15:11
asterisk - security update
2022-04-03 00:00:00
cve
cve
CVE-2019-13161
2019-07-12 20:15:00
cvelist
cvelist
CVE-2019-13161
2019-07-12 19:24:37
freebsd
freebsd
asterisk -- Remote Crash Vulnerability in chan_sip channel driver
2019-06-28 00:00:00
alpinelinux
alpinelinux
CVE-2019-13161
2019-07-12 20:15:00
debian
debian
[SECURITY] [DLA 2017-2] asterisk regression update
2019-12-01 14:13:46
[SECURITY] [DLA 2017-1] asterisk security update
2019-11-30 20:57:13
[SECURITY] [DLA 2969-1] asterisk security update
2022-04-03 05:57:15
debiancve
debiancve
CVE-2019-13161
2019-07-12 20:15:00
nessus
nessus
Debian DLA-2017-2 : asterisk regression update
2019-12-03 00:00:00
FreeBSD : asterisk -- Remote Crash Vulnerability in chan_sip channel driver (e9d2e981-a46d-11e9-bed9-001999f8d30b)
2019-07-15 00:00:00
Debian DLA-2969-1 : asterisk - LTS security update
2022-04-03 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-04-06 10:03:07
prion
prion
Null pointer dereference
2019-07-12 20:15:00
openvas
openvas
Asterisk Multiple DoS Vulnerabilities (AST-2019-002, AST-2019-003)
2019-07-12 00:00:00
Debian: Security Advisory (DLA-2017-1)
2019-12-01 00:00:00
Debian: Security Advisory (DLA-2969-1)
2022-04-04 00:00:00

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

75.6%

JSON
Related for UB:CVE-2019-13161
osv2cve1cvelist1freebsd1alpinelinux1debian3debiancve1nessus3veracode1prion1openvas3