QwikSec

Security Database

CVE

CWE

Training

CVE-2019-15297

Published: Sep 9, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html

x_refsource_MISC

http://downloads.asterisk.org/pub/security/AST-2019-004.html

x_refsource_CONFIRM

20210304 AST-2021-006: Crash when negotiating T.38 with a zero port

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.