Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-26906

Опубликовано: 18 фев. 2021
Источник: nvd
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 13.0.0 (включая) до 13.38.2 (исключая)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 16.0.0 (включая) до 16.16.1 (исключая)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 17.0.0 (включая) до 17.9.2 (исключая)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 18.0 (включая) до 18.2.1 (исключая)
cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*

EPSS

Процентиль: 74%
0.00811
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-404

Связанные уязвимости

ubuntu логотип

CVE-2021-26906

CVSS3: 5.9
ubuntu
почти 5 лет назад

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.

debian логотип

CVE-2021-26906

CVSS3: 5.9
debian
почти 5 лет назад

An issue was discovered in res_pjsip_session.c in Digium Asterisk thro ...

github логотип

GHSA-rjqf-qvfr-v23c

github
больше 3 лет назад

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.

EPSS

Процентиль: 74%
0.00811
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-404