asterisk is vulnerable to denial of service. When re-negotiating for T.38, if the initial remote response was delayed by a specific duration, both audio and T.38 in the SDP would be sent and the subsequent response from the receiver would crash the application.
CPE | Name | Operator | Version |
---|---|---|---|
asterisk:sid | eq | 1:16.15.0~dfsg-1 | |
asterisk:3.12 | eq | 16.7.0-r0 | |
asterisk:edge | eq | 16.7.0-r0 |
packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html
seclists.org/fulldisclosure/2021/Feb/58
downloads.asterisk.org/pub/security/
downloads.asterisk.org/pub/security/AST-2021-002.html
issues.asterisk.org/jira/browse/ASTERISK-29203
security-tracker.debian.org/tracker/CVE-2021-26717