CVE-2019-13161

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).
Configurations

Configuration 1

cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.4.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.15:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.3.0:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.8:cert1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert10:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.1.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.6.0:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.0.0:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.7.0:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28.0:*:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.9.0:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.4.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert8:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.15:cert4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.15:cert6:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.5.0:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.13.0:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.8.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.12.0:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28:*:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert7:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.1.0:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.15:cert5:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.1:cert1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.4.0:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.10.0:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.2.0:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.1:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.8.0:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.15:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11.0:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc5:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.5.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.8:cert2_rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert8:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.18:cert1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.18:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.18:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28:cert4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.28:cert5:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.21:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3-rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5-rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:1.8.15:cert7:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.2:cert1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.2:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.2:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.2:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert14-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert14-rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert17:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert18:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.1:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.1:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.1:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.1:cert3-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.1:cert4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.1:cert5:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.1:cert6:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.1:cert7:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.1:cert8:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.8:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.8:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.8:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.8:cert2-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.8:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.8:cert4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert1-rc4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert9:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13-cert2:*:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.18:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.18:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.18:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.18:cert4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Information

Published : 2019-07-12 08:15

Updated : 2022-06-01 07:58


NVD link : CVE-2019-13161

Mitre link : CVE-2019-13161

Products Affected
No products.
CWE