Debian Asterisk vulnerabilities

CVE-2021-43299 [CRITICAL] CVE-2021-43299: asterisk - Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-contro... Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. Scope: local bullseye: resolved (fixed in 1:16.28.0~dfsg-0+deb11u1) sid: resolved (fixed in 1:18.11.1~dfsg+~cs6.10.40431413-1)

CVE-2021-43301 [CRITICAL] CVE-2021-43301: asterisk - Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-cont... Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. Scope: local bullseye: resolved (fixed in 1:16.28.0~dfsg-0+deb11u1) sid: resolved (fixed in 1:18.11.1~dfsg+~cs6.10.40431413-1)

CVE-2021-43300 [CRITICAL] CVE-2021-43300: asterisk - Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-cont... Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. Scope: local bullseye: resolved (fixed in 1:16.28.0~dfsg-0+deb11u1) sid: resolved (fixed in 1:18.11.1~dfsg+~cs6.10.40431413-1)

CVE-2021-43302 [CRITICAL] CVE-2021-43302: asterisk - Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-... Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters. Scope: local bullseye: resolved (fixed in 1:16.28.0~dfsg-0+deb11u1) sid: resolved (fixed in 1:18.11.1~dfsg+~cs6.10.40431413-1)

CVE-2021-43303 [CRITICAL] CVE-2021-43303: asterisk - Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlle... Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied Scope: local bullseye: resolved (fixed in 1:16.28.0~dfsg-0+deb11u1) sid: resolved (fixed in 1:18

CVE-2021-32558 [HIGH] CVE-2021-32558: asterisk - An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.... An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur. Scope: local bullseye: resolved (fixed in 1:16.16.1~dfsg-1+deb11u1) sid: resolved (fixe

CVE-2021-43804 [HIGH] CVE-2021-43804: asterisk - PJSIP is a free and open source multimedia communication library written in C la... PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-boun

CVE-2021-37706 [HIGH] CVE-2021-37706: asterisk - PJSIP is a free and open source multimedia communication library written in C la... PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer un

CVE-2021-26717 [HIGH] CVE-2021-26717: asterisk - An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.... An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then As

CVE-2021-43845 [HIGH] CVE-2021-43845: asterisk - PJSIP is a free and open source multimedia communication library. In version 2.1... PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an inval

CVE-2021-32686 [MEDIUM] CVE-2021-32686: asterisk - PJSIP is a free and open source multimedia communication library written in C la... PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second,

CVE-2021-46837 [MEDIUM] CVE-2021-46837: asterisk - res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 1... res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reas

CVE-2021-26906 [MEDIUM] CVE-2021-26906: asterisk - An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.... An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiat

CVE-2021-31878 [MEDIUM] CVE-2021-31878: asterisk - An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. T... An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request. Scope: local bullseye: resolved sid: resolved

CVE-2021-26712 [HIGH] CVE-2021-26712: asterisk - Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17... Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets. Scope: local bullseye: resolved sid: resolved

CVE-2021-26713 [MEDIUM] CVE-2021-26713: asterisk - A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 1... A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch. Scope: local b

CVE-2020-35652 [MEDIUM] CVE-2020-35652: asterisk - An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.3... An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header. Scope: local

CVE-2020-28327 [MEDIUM] CVE-2020-28327: asterisk - A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.... A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next

CVE-2020-28242 [MEDIUM] CVE-2020-28242: asterisk - An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before... An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more mem

CVE-2020-35776 [MEDIUM] CVE-2020-35776: asterisk - A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1,... A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses. Scope: local bullseye: resolved (fixed in 1:16.16.1~dfsg-1) sid: resolved (fixed in 1:16.16.1~dfsg-1)