Lucene search
Veracode Vulnerability DatabaseVERACODE:29470HistoryFeb 24, 2021 - 3:52 a.m.
Denial Of Service (DoS)
2021-02-2403:52:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
0.002 Low
EPSS
Percentile
56.3%
asterisk is vulnerable to denial of service. When re-negotiating for T.38, if the initial remote response was delayed by a specific duration, both audio and T.38 in the SDP would be sent and the subsequent response from the receiver would crash the application.
| CPE | Name | Operator | Version |
|---|---|---|---|
| asterisk:sid | eq | 1:16.15.0~dfsg-1 | |
| asterisk:3.12 | eq | 16.7.0-r0 | |
| asterisk:edge | eq | 16.7.0-r0 |
References
packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html
seclists.org/fulldisclosure/2021/Feb/58
downloads.asterisk.org/pub/security/
downloads.asterisk.org/pub/security/AST-2021-002.html
issues.asterisk.org/jira/browse/ASTERISK-29203
security-tracker.debian.org/tracker/CVE-2021-26717
Related
cve
cve
CVE-2021-26717
2021-02-18 20:15:12
cvelist
cvelist
CVE-2021-26717
2021-02-18 19:39:46
nvd
nvd
CVE-2021-26717
2021-02-18 20:15:12
alpinelinux
alpinelinux
CVE-2021-26717
2021-02-18 20:15:12
ubuntucve
ubuntucve
CVE-2021-26717
2021-02-18 00:00:00
osv
osv
CVE-2021-26717
2021-02-18 20:15:00
nessus
nessus
debiancve
debiancve
CVE-2021-26717
2021-02-18 20:15:12
prion
prion
Design/Logic Flaw
2021-02-18 20:15:00
openvas
openvas
Asterisk DoS Vulnerability (AST-2021-002)
2021-02-19 00:00:00
freebsd
freebsd
asterisk -- Remote crash possible when negotiating T.38
2021-02-05 00:00:00