CVE-2019-13161

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
digiumcertified_asterisk
1.8.0.0
digiumcertified_asterisk
1.8.0.0:beta1
digiumcertified_asterisk
1.8.0.0:beta2
digiumcertified_asterisk
1.8.0.0:beta3
digiumcertified_asterisk
1.8.0.0:beta4
digiumcertified_asterisk
1.8.0.0:beta5
digiumcertified_asterisk
1.8.0.0:rc1
digiumcertified_asterisk
1.8.0.0:rc2
digiumcertified_asterisk
1.8.0.0:rc3
digiumcertified_asterisk
1.8.0.0:rc4
digiumcertified_asterisk
1.8.0.0:rc5
digiumcertified_asterisk
1.8.1.0
digiumcertified_asterisk
1.8.1.0:rc1
digiumcertified_asterisk
1.8.2.0
digiumcertified_asterisk
1.8.2.0:rc1
digiumcertified_asterisk
1.8.3.0
digiumcertified_asterisk
1.8.3.0:rc1
digiumcertified_asterisk
1.8.3.0:rc2
digiumcertified_asterisk
1.8.3.0:rc3
digiumcertified_asterisk
1.8.4.0
digiumcertified_asterisk
1.8.4.0:rc1
digiumcertified_asterisk
1.8.4.0:rc2
digiumcertified_asterisk
1.8.4.0:rc3
digiumcertified_asterisk
1.8.5.0
digiumcertified_asterisk
1.8.5.0:rc1
digiumcertified_asterisk
1.8.6.0
digiumcertified_asterisk
1.8.6.0:rc1
digiumcertified_asterisk
1.8.6.0:rc2
digiumcertified_asterisk
1.8.6.0:rc3
digiumcertified_asterisk
1.8.7.0
digiumcertified_asterisk
1.8.7.0:rc1
digiumcertified_asterisk
1.8.7.0:rc2
digiumcertified_asterisk
1.8.8.0
digiumcertified_asterisk
1.8.8.0:rc1
digiumcertified_asterisk
1.8.8.0:rc2
digiumcertified_asterisk
1.8.8.0:rc3
digiumcertified_asterisk
1.8.8.0:rc4
digiumcertified_asterisk
1.8.8.0:rc5
digiumcertified_asterisk
1.8.9.0
digiumcertified_asterisk
1.8.9.0:rc1
digiumcertified_asterisk
1.8.9.0:rc2
digiumcertified_asterisk
1.8.9.0:rc3
digiumcertified_asterisk
1.8.10.0
digiumcertified_asterisk
1.8.10.0:rc1
digiumcertified_asterisk
1.8.10.0:rc2
digiumcertified_asterisk
1.8.10.0:rc3
digiumcertified_asterisk
1.8.10.0:rc4
digiumcertified_asterisk
1.8.11:cert
digiumcertified_asterisk
1.8.11:cert1
digiumcertified_asterisk
1.8.11:cert10
digiumcertified_asterisk
1.8.11:cert2
digiumcertified_asterisk
1.8.11:cert3
digiumcertified_asterisk
1.8.11:cert3-rc1
digiumcertified_asterisk
1.8.11:cert3-rc2
digiumcertified_asterisk
1.8.11:cert4
digiumcertified_asterisk
1.8.11:cert5
digiumcertified_asterisk
1.8.11:cert5-rc1
digiumcertified_asterisk
1.8.11:cert5-rc2
digiumcertified_asterisk
1.8.11:cert6
digiumcertified_asterisk
1.8.11:cert7
digiumcertified_asterisk
1.8.11:cert8
digiumcertified_asterisk
1.8.11:cert9
digiumcertified_asterisk
1.8.11:cert9-rc1
digiumcertified_asterisk
1.8.11.0
digiumcertified_asterisk
1.8.11.0:rc1
digiumcertified_asterisk
1.8.11.0:rc2
digiumcertified_asterisk
1.8.11.0:rc3
digiumcertified_asterisk
1.8.12.0
digiumcertified_asterisk
1.8.12.0:rc1
digiumcertified_asterisk
1.8.12.0:rc2
digiumcertified_asterisk
1.8.12.0:rc3
digiumcertified_asterisk
1.8.13.0
digiumcertified_asterisk
1.8.13.0:rc1
digiumcertified_asterisk
1.8.13.0:rc2
digiumcertified_asterisk
1.8.14.0:rc1
digiumcertified_asterisk
1.8.14.0:rc2
digiumcertified_asterisk
1.8.15
digiumcertified_asterisk
1.8.15:cert1
digiumcertified_asterisk
1.8.15:cert1-rc1
digiumcertified_asterisk
1.8.15:cert1-rc2
digiumcertified_asterisk
1.8.15:cert1-rc3
digiumcertified_asterisk
1.8.15:cert1_rc1
digiumcertified_asterisk
1.8.15:cert1_rc2
digiumcertified_asterisk
1.8.15:cert1_rc3
digiumcertified_asterisk
1.8.15:cert2
digiumcertified_asterisk
1.8.15:cert3
digiumcertified_asterisk
1.8.15:cert4
digiumcertified_asterisk
1.8.15:cert5
digiumcertified_asterisk
1.8.15:cert6
digiumcertified_asterisk
1.8.15:cert7
digiumcertified_asterisk
1.8.28
digiumcertified_asterisk
1.8.28:cert1
digiumcertified_asterisk
1.8.28:cert1-rc1
digiumcertified_asterisk
1.8.28:cert2
digiumcertified_asterisk
1.8.28:cert2
digiumcertified_asterisk
1.8.28:cert3
digiumcertified_asterisk
1.8.28:cert4
digiumcertified_asterisk
1.8.28:cert5
digiumcertified_asterisk
1.8.28.0
digiumcertified_asterisk
11.0.0
digiumcertified_asterisk
11.0.0:rc1
digiumcertified_asterisk
11.0.0:rc2
digiumcertified_asterisk
11.1.0
digiumcertified_asterisk
11.1.0:rc1
digiumcertified_asterisk
11.1.0:rc2
digiumcertified_asterisk
11.1.0:rc3
digiumcertified_asterisk
11.2:cert1
digiumcertified_asterisk
11.2:cert1-rc2
digiumcertified_asterisk
11.2:cert2
digiumcertified_asterisk
11.2:cert3
digiumcertified_asterisk
11.3.0
digiumcertified_asterisk
11.3.0:rc1
digiumcertified_asterisk
11.3.0:rc2
digiumcertified_asterisk
11.4.0
digiumcertified_asterisk
11.4.0:rc1
digiumcertified_asterisk
11.4.0:rc2
digiumcertified_asterisk
11.4.0:rc3
digiumcertified_asterisk
11.5.0
digiumcertified_asterisk
11.5.0:rc1
digiumcertified_asterisk
11.5.0:rc2
digiumcertified_asterisk
11.6:cert1
digiumcertified_asterisk
11.6:cert1
digiumcertified_asterisk
11.6:cert1-rc1
digiumcertified_asterisk
11.6:cert1-rc2
digiumcertified_asterisk
11.6:cert1_rc1
digiumcertified_asterisk
11.6:cert1_rc2
digiumcertified_asterisk
11.6:cert10
digiumcertified_asterisk
11.6:cert11
digiumcertified_asterisk
11.6:cert12
digiumcertified_asterisk
11.6:cert12
digiumcertified_asterisk
11.6:cert13
digiumcertified_asterisk
11.6:cert13
digiumcertified_asterisk
11.6:cert14
digiumcertified_asterisk
11.6:cert14
digiumcertified_asterisk
11.6:cert14-rc1
digiumcertified_asterisk
11.6:cert14-rc2
digiumcertified_asterisk
11.6:cert15
digiumcertified_asterisk
11.6:cert15
digiumcertified_asterisk
11.6:cert16
digiumcertified_asterisk
11.6:cert17
digiumcertified_asterisk
11.6:cert18
digiumcertified_asterisk
11.6:cert2
digiumcertified_asterisk
11.6:cert2
digiumcertified_asterisk
11.6:cert3
digiumcertified_asterisk
11.6:cert3
digiumcertified_asterisk
11.6:cert4
digiumcertified_asterisk
11.6:cert4
digiumcertified_asterisk
11.6:cert5
digiumcertified_asterisk
11.6:cert5
digiumcertified_asterisk
11.6:cert6
digiumcertified_asterisk
11.6:cert6
digiumcertified_asterisk
11.6:cert7
digiumcertified_asterisk
11.6:cert7
digiumcertified_asterisk
11.6:cert8
digiumcertified_asterisk
11.6:cert8
digiumcertified_asterisk
11.6:cert9
digiumcertified_asterisk
11.6.0
digiumcertified_asterisk
11.6.0
digiumcertified_asterisk
11.6.0:rc1
digiumcertified_asterisk
11.6.0:rc2
digiumcertified_asterisk
13.1:cert1
digiumcertified_asterisk
13.1:cert1-rc1
digiumcertified_asterisk
13.1:cert1-rc3
digiumcertified_asterisk
13.1:cert2
digiumcertified_asterisk
13.1:cert3
digiumcertified_asterisk
13.1:cert3-rc1
digiumcertified_asterisk
13.1:cert4
digiumcertified_asterisk
13.1:cert5
digiumcertified_asterisk
13.1:cert6
digiumcertified_asterisk
13.1:cert7
digiumcertified_asterisk
13.1:cert8
digiumcertified_asterisk
13.1.0
digiumcertified_asterisk
13.1.0:rc1
digiumcertified_asterisk
13.1.0:rc2
digiumcertified_asterisk
13.8:cert1
digiumcertified_asterisk
13.8:cert1-rc2
digiumcertified_asterisk
13.8:cert1-rc3
digiumcertified_asterisk
13.8:cert1_rc1
digiumcertified_asterisk
13.8:cert1_rc2
digiumcertified_asterisk
13.8:cert1_rc3
digiumcertified_asterisk
13.8:cert2
digiumcertified_asterisk
13.8:cert2-rc1
digiumcertified_asterisk
13.8:cert2_rc1
digiumcertified_asterisk
13.8:cert3
digiumcertified_asterisk
13.8:cert4
digiumcertified_asterisk
13.8.0
digiumcertified_asterisk
13.8.0:rc1
digiumcertified_asterisk
13.13:cert1-rc1
digiumcertified_asterisk
13.13:cert1-rc2
digiumcertified_asterisk
13.13:cert1-rc3
digiumcertified_asterisk
13.13:cert1-rc4
digiumcertified_asterisk
13.13:cert2
digiumcertified_asterisk
13.13:cert3
digiumcertified_asterisk
13.13:cert4
digiumcertified_asterisk
13.13:cert5
digiumcertified_asterisk
13.13:cert6
digiumcertified_asterisk
13.13:cert7
digiumcertified_asterisk
13.13:cert8
digiumcertified_asterisk
13.13:cert9
digiumcertified_asterisk
13.13-cert2
digiumcertified_asterisk
13.18:cert1
digiumcertified_asterisk
13.18:cert1-rc1
digiumcertified_asterisk
13.18:cert1-rc2
digiumcertified_asterisk
13.18:cert1-rc3
digiumcertified_asterisk
13.18:cert2
digiumcertified_asterisk
13.18:cert3
digiumcertified_asterisk
13.18:cert4
digiumcertified_asterisk
13.21:cert1
digiumcertified_asterisk
13.21:cert1-rc1
digiumcertified_asterisk
13.21:cert1-rc2
digiumcertified_asterisk
13.21:cert2
digiumcertified_asterisk
13.21:cert3
digiumasterisk
13.0.0 ≤
𝑥
< 13.27.1
digiumasterisk
15.0.0 ≤
𝑥
< 15.7.3
digiumasterisk
16.0.0 ≤
𝑥
< 16.4.1
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
asterisk
bullseye
1:16.28.0~dfsg-0+deb11u4
fixed
jessie
postponed
bullseye (security)
1:16.28.0~dfsg-0+deb11u5
fixed
sid
1:22.0.0~dfsg+~cs6.14.60671435-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
asterisk
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
ignored
cosmic
ignored
bionic
needed
xenial
needed
trusty
dne
Common Weakness Enumeration
References
http://downloads.digium.com/pub/security/AST-2019-003.html
https://issues.asterisk.org/jira/browse/ASTERISK-28465
https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html
http://downloads.digium.com/pub/security/AST-2019-003.html
https://issues.asterisk.org/jira/browse/ASTERISK-28465
https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html