Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-26717

Опубликовано: 18 фев. 2021
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 16.0.0 (включая) до 16.16.1 (исключая)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 17.0.0 (включая) до 17.9.2 (исключая)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 18.0 (включая) до 18.2.1 (исключая)
cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*

EPSS

Процентиль: 62%
0.00421
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2021-26717

CVSS3: 7.5
ubuntu
почти 5 лет назад

An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.

debian логотип

CVE-2021-26717

CVSS3: 7.5
debian
почти 5 лет назад

An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x ...

github логотип

GHSA-9mrj-wq9r-h4vw

github
больше 3 лет назад

An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.

EPSS

Процентиль: 62%
0.00421
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo