An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through…
mitre·CWE-404·Published 2021-02-18
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.
Se detectó un problema en el archivo res_pjsip_session.c en Digium Asterisk versiones hasta 13.38.1; 14.x, 15.x y 16.xa 16.16.0; 17.xa 17.9.1; y 18.xa 18.2.0, y Certified Asterisk versiones hasta 16.8-cert5. Una vulnerabilidad de negociación SDP en PJSIP permite a un servidor remoto bloquear potencialmente Asterisk mediante el envío de respuestas SIP específicas que causan un fallo en la negociación SDP
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| 3.1 | Primary | NVD | 5.9 | 2.2 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |