CVE-2019-13161 — NULL Pointer Dereference in Asterisk

CWE-476 — NULL Pointer Dereference6 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

2.2%

top 15.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digium Asterisk Debian Asterisk Debian Linux +1 more

Timeline

PublishedJul 12

Latest updateMay 24

Description

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containin…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages4 packages

▶NVDdigium/certified_asterisk35 versions+34

▶NVDdigium/asterisk13.0.0 — 13.27.1+2

▶debiandebian/asterisk< asterisk 1:16.2.1~dfsg-2 (bullseye)

▶Debiandigium/asterisk< 1:16.2.1~dfsg-2

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-5x75-h4p9-mf5p: An issue was discovered in Asterisk Open Source through 13↗2022-05-24

▶

OSV

CVE-2019-13161: An issue was discovered in Asterisk Open Source through 13↗2019-07-12

▶

📋Vendor Advisories

Debian

CVE-2019-13161: asterisk - An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x t...↗2019

▶

💬Community

Bugzilla

CVE-2019-13161 asterisk: pointer dereference in chan_sip leading to crash [fedora-all]↗2019-08-02

▶

Bugzilla

CVE-2019-13161 asterisk: pointer dereference in chan_sip leading to crash↗2019-08-02

▶