CVE-2021-31878
First published: Fri Jul 30 2021(Updated: )
An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Digium Asterisk | =16.17.0 | |
| Digium Asterisk | =16.18.0 | |
| Digium Asterisk | =16.19.0 | |
| Digium Asterisk | =18.3.0 | |
| Digium Asterisk | =18.4.0 | |
| Digium Asterisk | =18.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://downloads.asterisk.org/pub/security/AST-2021-007.html
- http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html
- http://seclists.org/fulldisclosure/2021/Jul/48
- https://downloads.digium.com/pub/security/AST-2021-007.html
- https://issues.asterisk.org/jira/browse/ASTERISK-29381
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-31878.
What is the severity level of CVE-2021-31878?
The severity level of CVE-2021-31878 is medium with a score of 6.5.
How does the vulnerability in CVE-2021-31878 occur?
The vulnerability in CVE-2021-31878 occurs when a re-INVITE without SDP is received after Asterisk has sent a BYE request.
Which versions of Asterisk are affected by CVE-2021-31878?
Asterisk versions 16.17.0, 16.18.0, 16.19.0, 18.3.0, 18.4.0, and 18.5.0 are affected by CVE-2021-31878.
How can I fix the vulnerability in CVE-2021-31878?
To fix the vulnerability in CVE-2021-31878, it is recommended to update to Asterisk versions 16.19.1 or 18.5.1.
- collector/nvd-index
- vendor/digium
- product/asterisk
- canonical/digium asterisk