Debian Asterisk vulnerabilities

204 known vulnerabilities affecting debian/asterisk.

Total CVEs: 204
CISA KEV: 0
Public exploits: 18
Exploited in wild: 0
Severity breakdown: CRITICAL 17, HIGH 46, MEDIUM 93, LOW 46

Vulnerabilities

Page 4 of 11
CVE-2019-18610 | HIGH | CVSS 8.8 | fixed in asterisk 1:16.10.0~dfsg-1 (bullseye) | 2019 | debian
[HIGH] asterisk: An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. Scope: local bullseye: resolved (fixed in 1:16.10.0~dfs

CVE-2019-18976 | HIGH | CVSS 7.5 | fixed in asterisk 1:16.1.1~dfsg-1 (bullseye) | 2019 | debian
[HIGH] asterisk: An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. Scope: local bullseye: resolved (fixed in 1:16.1.1~dfsg-1) sid: res

CVE-2019-7251 | MEDIUM | CVSS 6.5 | fixed in asterisk 1:16.2.1~dfsg-1 (bullseye) | 2019 | debian
[MEDIUM] asterisk: An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation. Scope: local bullseye: resolved (fixed in 1:16.2.1~dfsg-1) sid: resolved (fixed in 1:16.2.1~dfsg-1)

CVE-2019-18790 | MEDIUM | CVSS 6.5 | fixed in asterisk 1:16.10.0~dfsg-1 (bullseye) | 2019 | debian
[MEDIUM] asterisk: An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known

CVE-2019-12827 | MEDIUM | CVSS 6.5 | fixed in asterisk 1:16.2.1~dfsg-2 (bullseye) | 2019 | debian
[MEDIUM] asterisk: Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message. Scope: local bullseye: resolved (fixed in 1:16.2.1~dfsg-2) sid: resolved (fixed in 1:16.2.1~dfsg-2)

CVE-2019-13161 | LOW | CVSS 5.3 | fixed in asterisk 1:16.2.1~dfsg-2 (bullseye) | 2019 | debian
[MEDIUM] asterisk: An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacke

CVE-2019-15297 | LOW | CVSS 6.5 | fixed in asterisk 1:16.10.0~dfsg-1 (bullseye) | 2019 | debian
[MEDIUM] asterisk: res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference. Scope: local bullseye: resolved (fixed in 1:16.10.0~dfsg-1) sid: resolved (fixed in 1:16.10.0~df

CVE-2019-15639 | LOW | CVSS 7.5 | 2019 | debian
[HIGH] asterisk: main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario. Scope: local bullseye: resolved sid: resolved

CVE-2018-7284 | HIGH | CVSS 7.5 | PoC | fixed in asterisk 1:13.20.0~dfsg-1 (bullseye) | 2018 | debian
[HIGH] asterisk: A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite havi

CVE-2018-17281 | HIGH | CVSS 7.5 | fixed in asterisk 1:13.23.1~dfsg-1 (bullseye) | 2018 | debian
[HIGH] asterisk: There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. Scope: local bullseye: resolved (fixed in 1:13.23

CVE-2018-12227 | MEDIUM | CVSS 5.3 | fixed in asterisk 1:13.22.0~dfsg-1 (bullseye) | 2018 | debian
[MEDIUM] asterisk: An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response

CVE-2018-7286 | MEDIUM | CVSS 6.5 | PoC | fixed in asterisk 1:13.20.0~dfsg-1 (bullseye) | 2018 | debian
[MEDIUM] asterisk: An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection. Scope: local bullseye: resolv

CVE-2018-7287 | LOW | CVSS 5.9 | 2018 | debian
[MEDIUM] asterisk: An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop). Scope: local bullseye: resolved sid: resolved

CVE-2018-7285 | LOW | CVSS 7.5 | 2018 | debian
[HIGH] asterisk: A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consul

CVE-2018-12228 | LOW | CVSS 6.5 | 2018 | debian
[MEDIUM] asterisk: An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable. Scope: local bullseye: resolved sid: resolved

CVE-2018-19278 | LOW | CVSS 7.5 | 2018 | debian
[HIGH] asterisk: Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length. Scope: local bullseye: resolved sid: resolved

CVE-2017-14100 | CRITICAL | CVSS 9.8 | fixed in asterisk 1:13.17.1~dfsg-1 (bullseye) | 2017 | debian
[CRITICAL] asterisk: In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id

CVE-2017-14603 | HIGH | CVSS 7.5 | fixed in asterisk 1:13.17.2~dfsg-1 (bullseye) | 2017 | debian
[HIGH] asterisk: In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report. Scope: local b

CVE-2017-9358 | HIGH | CVSS 7.5 | fixed in asterisk 1:13.14.1~dfsg-2 (bullseye) | 2017 | debian
[HIGH] asterisk: A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). Scope: local bullseye: resolved (fixed in 1:13.14.1~df

CVE-2017-7617 | HIGH | CVSS 8.8 | fixed in asterisk 1:13.14.1~dfsg-1 (bullseye) | 2017 | debian
[HIGH] asterisk: Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action. Scope: local bullseye: resolved (fixed in 1:13.14.1~dfsg-1) sid: resolved (fixed