CVE-2019-18976 Information

Description

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://downloads.asterisk.org/pub/security/AST-2019-008.html https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html https://seclists.org/fulldisclosure/2019/Nov/20 https://www.asterisk.org/downloads/security-advisories https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5