2019-07-12 22:15:11 2019-07-17 20:43:51

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

Vector: NETWORK
Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Digium Asterisk 13.0.0 (not an official CPE)
Digium Asterisk 13.0.0 LTS
Digium Asterisk 13.0.0 Beta1 (not an official CPE)
Digium Asterisk 13.0.0 Beta2 (not an official CPE)
Digium Asterisk 13.0.0 Beta3 (not an official CPE)
Digium Asterisk 13.0.1
Digium Asterisk 13.0.2 (not an official CPE)
Digium Asterisk 13.1.0
Digium Asterisk 13.1.0 release candidate 1
Digium Asterisk 13.1.0 release candidate 2
Digium Asterisk 13.1.1 (not an official CPE)
Digium Asterisk 13.2.0
Digium Asterisk 13.2.0 release candidate 1
Digium Asterisk 13.2.1 (not an official CPE)
Digium Asterisk 13.3.0 (not an official CPE)
Digium Asterisk 13.3.0 Rc1 (not an official CPE)
Digium Asterisk 13.3.1 (not an official CPE)
Digium Asterisk 13.3.2 (not an official CPE)
Digium Asterisk 13.4.0 (not an official CPE)
Digium Asterisk 13.4.0 Rc1 (not an official CPE)
Digium Asterisk 13.5.0 (not an official CPE)
Digium Asterisk 13.5.0 Rc1 (not an official CPE)
Digium Asterisk 13.6.0 (not an official CPE)
Digium Asterisk 13.6.0 Rc1 (not an official CPE)
Digium Asterisk 13.7.0 (not an official CPE)
Digium Asterisk 13.7.0 Rc1 (not an official CPE)
Digium Asterisk 13.7.0 Rc2 (not an official CPE)
Digium Asterisk 13.7.1 (not an official CPE)
Digium Asterisk 13.7.2 (not an official CPE)
Digium Asterisk 13.8.0 (not an official CPE)
Digium Asterisk 13.8.0 Rc1 (not an official CPE)
Digium Asterisk 13.8.1 (not an official CPE)
Digium Asterisk 13.8.2 (not an official CPE)
Digium Asterisk 13.9.0 (not an official CPE)
Digium Asterisk 13.9.1 (not an official CPE)
Digium Asterisk 13.10.0 (not an official CPE)
Digium Asterisk 13.10.0 Rc1 (not an official CPE)
Digium Asterisk 13.11.0 (not an official CPE)
Digium Asterisk 13.11.1 (not an official CPE)
Digium Asterisk 13.11.2 (not an official CPE)
Digium Asterisk 13.12 (not an official CPE)
Digium Asterisk 13.12.0 (not an official CPE)
Digium Asterisk 13.12.1 (not an official CPE)
Digium Asterisk 13.12.2 (not an official CPE)
Digium Asterisk 13.13 (not an official CPE)
Digium Asterisk 13.13.0 (not an official CPE)
Digium Asterisk 13.13.1 (not an official CPE)
Digium Asterisk 13.14.0 (not an official CPE)
Digium Asterisk 13.14.0 Rc1 (not an official CPE)
Digium Asterisk 13.14.0 Rc2 (not an official CPE)
Digium Asterisk 13.14.1 (not an official CPE)
Digium Asterisk 13.15.0 (not an official CPE)
Digium Asterisk 13.15.0 Rc1 (not an official CPE)
Digium Asterisk 13.15.0 Rc2 (not an official CPE)
Digium Asterisk 13.15.0 Rc3 (not an official CPE)
Digium Asterisk 13.15.1 (not an official CPE)
Digium Asterisk 13.16.0 (not an official CPE)
Digium Asterisk 13.16.0 Rc1 (not an official CPE)
Digium Asterisk 13.16.0 Rc2 (not an official CPE)
Digium Asterisk 13.17.0 (not an official CPE)
Digium Asterisk 13.17.0 Rc1 (not an official CPE)
Digium Asterisk 13.17.1 (not an official CPE)
Digium Asterisk 13.17.2 (not an official CPE)
Digium Asterisk 13.18.0 (not an official CPE)
Digium Asterisk 13.18.1 (not an official CPE)
Digium Asterisk 13.18.2 (not an official CPE)
Digium Asterisk 13.18.3 (not an official CPE)
Digium Asterisk 13.18.4 (not an official CPE)
Digium Asterisk 13.18.5 (not an official CPE)
Digium Asterisk 13.19.0 (not an official CPE)
Digium Asterisk 13.19.1 (not an official CPE)
Digium Asterisk 13.19.2 (not an official CPE)
Digium Asterisk 13.20.0 (not an official CPE)
Digium Asterisk 13.21.0 (not an official CPE)
Digium Asterisk 13.21.1 (not an official CPE)
Digium Asterisk 13.22.0 (not an official CPE)
Digium Asterisk 13.23.0 (not an official CPE)
Digium Asterisk 15.0.0 (not an official CPE)
Digium Asterisk 15.0.0 - (not an official CPE)
Digium Asterisk 15.0.0 Beta1 (not an official CPE)
Digium Asterisk 15.0.0 Rc1 (not an official CPE)
Digium Asterisk 15.1.0 (not an official CPE)
Digium Asterisk 15.1.1 (not an official CPE)
Digium Asterisk 15.1.2 (not an official CPE)
Digium Asterisk 15.1.3 (not an official CPE)
Digium Asterisk 15.1.4 (not an official CPE)
Digium Asterisk 15.1.5 (not an official CPE)
Digium Asterisk 15.2.0 (not an official CPE)
Digium Asterisk 15.2.0 Rc1 (not an official CPE)
Digium Asterisk 15.2.0 Rc2 (not an official CPE)
Digium Asterisk 15.2.1 (not an official CPE)
Digium Asterisk 15.2.2 (not an official CPE)
Digium Asterisk 15.3.0 (not an official CPE)
Digium Asterisk 15.3.0 Rc1 (not an official CPE)
Digium Asterisk 15.3.0 Rc2 (not an official CPE)
Digium Asterisk 15.4.0 (not an official CPE)
Digium Asterisk 15.4.0 Rc1 (not an official CPE)
Digium Asterisk 15.4.0 Rc2 (not an official CPE)
Digium Asterisk 15.4.1 (not an official CPE)
Digium Asterisk 15.5.0 (not an official CPE)
Digium Asterisk 15.5.0 Rc1 (not an official CPE)
Digium Asterisk 15.6.0 (not an official CPE)
Digium Asterisk 15.6.0 Rc1 (not an official CPE)
Digium Asterisk 15.6.2 (not an official CPE)
Digium Asterisk 15.7.0 - (not an official CPE)
Digium Asterisk 15.7.0 Rc1 (not an official CPE)
Digium Asterisk 15.7.1 (not an official CPE)
Digium Asterisk 16.0.0 (not an official CPE)
Digium Asterisk 16.0.0 Rc1 (not an official CPE)
Digium Asterisk 16.0.0 Rc2 (not an official CPE)
Digium Asterisk 16.0.0 Rc3 (not an official CPE)
Digium Asterisk 16.0.1 (not an official CPE)
Digium Asterisk 16.1.0 Rc1 (not an official CPE)
Digium Asterisk 16.2.0 - (not an official CPE)
Digium Asterisk 16.2.0 Rc1 (not an official CPE)
Digium Asterisk 16.2.0 Rc2 (not an official CPE)
Digium Asterisk 16.2.1 (not an official CPE)
Digium Certified asterisk 13.21 Cert1 (not an official CPE)
Digium Certified asterisk 13.21 Cert1-rc1 (not an official CPE)
Digium Certified asterisk 13.21 Cert1-rc2 (not an official CPE)
Digium Certified asterisk 13.21 Cert2 (not an official CPE)
Digium Certified asterisk 13.21 Cert3 (not an official CPE)