CVE-2019-7251 — Integer Overflow or Wraparound in Asterisk

CWE-190 — Integer Overflow or Wraparound6 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

4.4%

top 10.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digium Asterisk Debian Asterisk

Timeline

PublishedMar 28

Latest updateMay 14

Description

An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDdigium/asterisk15.0.0 — 15.7.2+1

▶Debiandigium/asterisk< 1:16.2.1~dfsg-1

▶debiandebian/asterisk< asterisk 1:16.2.1~dfsg-1 (bullseye)

Patches

Patch: downloads.asterisk.org ↗Patch: downloads.asterisk.org ↗

🔴Vulnerability Details

GHSA

GHSA-686h-j227-6632: An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15↗2022-05-14

▶

OSV

CVE-2019-7251: An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15↗2019-03-28

▶

📋Vendor Advisories

Debian

CVE-2019-7251: asterisk - An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module ...↗2019

▶

💬Community

Bugzilla

CVE-2019-7251 asterisk: Remote crash vulnerability with SDP protocol [fedora-all]↗2019-03-01

▶

Bugzilla

CVE-2019-7251 asterisk: Remote crash vulnerability with SDP protocol↗2019-03-01

▶