CVE-2021-31878
Summary
| CVE | CVE-2021-31878 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-07-30 14:15:00 UTC |
| Updated | 2021-08-07 02:05:00 UTC |
| Description | An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request. |

Risk And Classification
Problem Types: CWE-617

NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Digium | Asterisk | 16.17.0 | All | All | All |
| Application | Digium | Asterisk | 16.18.0 | All | All | All |
| Application | Digium | Asterisk | 16.19.0 | All | All | All |
| Application | Digium | Asterisk | 18.3.0 | All | All | All |
| Application | Digium | Asterisk | 18.4.0 | All | All | All |
| Application | Digium | Asterisk | 18.5.0 | All | All | All |

References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Asterisk Project Security Advisory - AST-2021-007 ≈ Packet Storm | MISC | packetstormsecurity.com | |
| Full Disclosure: AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver | FULLDISC | seclists.org | |
| AST-2021-007 | MISC | downloads.digium.com | |
| [ASTERISK-29381] chan_pjsip: Remote denial of service by an authenticated user - Digium/Asterisk JIRA | MISC | issues.asterisk.org | |
| AST-2021-007 | MISC | downloads.asterisk.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |

No vendor comments have been submitted for this CVE.

Legacy QID Mappings
- 690082 Free Berkeley Software Distribution (FreeBSD) Security Update for asterisk (ffa364e1-ebf5-11eb-aef1-0897988a1c07)