First published: Tue Jul 27 2021
An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. Exploitation requires that a re-INVITE without SDP be received after Asterisk has sent a BYE request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Digium Asterisk | =16.17.0 | |
| Digium Asterisk | =16.18.0 | |
| Digium Asterisk | =16.19.0 | |
| Digium Asterisk | =18.3.0 | |
| Digium Asterisk | =18.4.0 | |
| Digium Asterisk | =18.5.0 | |
http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html
The vulnerability ID for this issue is CVE-2021-31878.
The severity level of CVE-2021-31878 is medium with a score of 6.5.
The vulnerability in CVE-2021-31878 occurs when a re-INVITE without SDP is received after Asterisk has sent a BYE request.
Asterisk versions 16.17.0, 16.18.0, 16.19.0, 18.3.0, 18.4.0, and 18.5.0 are affected by CVE-2021-31878.
To fix the vulnerability in CVE-2021-31878, it is recommended to update to Asterisk versions 16.19.1 or 18.5.1.