First published: Thu Mar 28 2019(Updated: )
An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Digium Asterisk | >=15.0.0<15.7.2 | |
Digium Asterisk | >=16.0.0<16.2.1 | |
>=15.0.0<15.7.2 | ||
>=16.0.0<16.2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2019-7251.
The affected software is Digium Asterisk versions 15.7.1 and earlier, and 16.1.1 and earlier.
The severity of this vulnerability is medium with a CVSS score of 6.5.
Remote authenticated users can crash Asterisk by sending a specially crafted SDP protocol violation.
Yes, you can learn more about this vulnerability at the following references: [AST-2019-001](https://downloads.asterisk.org/pub/security/AST-2019-001.html) and [ASTERISK-28260](https://issues.asterisk.org/jira/browse/ASTERISK-28260).