Vulnerability Description
res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Digium | Asterisk | >= 15.0.0, <= 15.7.3 |
Related Weaknesses (CWE)
References
- http://downloads.asterisk.org/pub/security/AST-2019-004.html (Patch, Vendor Advisory)
- http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-A (Patch, Third Party Advisory, VDB Entry)
- http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-A
- http://seclists.org/fulldisclosure/2021/Mar/5
FAQ
What is CVE-2019-15297?
CVE-2019-15297 is a vulnerability with a CVSS score of 6.5 (MEDIUM). res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. ...
How severe is CVE-2019-15297?
CVE-2019-15297 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-15297?
Check the references section above for vendor advisories and patch information. Affected products include: Digium Asterisk.