CVE-2019-12827 Information

Description

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3 13.27.0 15.7.2 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

http://downloads.digium.com/pub/security/AST-2019-002.html https://issues.asterisk.org/jira/browse/ASTERISK-28447

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.5