Severity: 6.5 MEDIUM (NVD)
EPSS: 19.6% (top 4.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 12; Latest update May 24

Description

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (4 packages)

NVD | digium/asterisk | 13.0.0 | 13.27.0 | +2
Debian | digium/asterisk | < 1:16.2.1~dfsg-2
debian | debian/asterisk | < asterisk 1:16.2.1~dfsg-2 (bullseye)

Vulnerability Details (2)

GHSA: GHSA-3x27-45gw-9p39: Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13 (2022-05-24)
OSV: CVE-2019-12827: Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13 (2019-07-12)

Vendor Advisories (1)

Debian: CVE-2019-12827: asterisk - Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, ... (2019)

Community (2)

Bugzilla: CVE-2019-12827 asterisk: buffer overflow in res_pjsip_messaging allows for a crash and DoS (2019-08-06)
Bugzilla: CVE-2019-12827 asterisk: buffer overflow in res_pjsip_messaging allows for a crash and DoS [fedora-all] (2019-08-06)
CVE-2019-12827 — Out-of-bounds Write in Digium Asterisk | cvebase