CVE-2019-12827

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

Published: Jul 12, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-12827
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
digium / certified_asterisk	13.21-cert1	13.21-cert1.x
digium / asterisk	15.0.0	15.7.2
digium / certified_asterisk	13.21-cert1-rc1	13.21-cert1-rc1.x
digium / certified_asterisk	13.21-cert1-rc2	13.21-cert1-rc2.x
digium / certified_asterisk	13.21-cert2	13.21-cert2.x
digium / certified_asterisk	13.21-cert3	13.21-cert3.x
digium / asterisk	16.0.0	16.4.0
digium / asterisk	13.0.0	13.27.0

http://downloads.digium.com/pub/security/AST-2019-002.html
https://issues.asterisk.org/jira/browse/ASTERISK-28447

Vulnerability Database

289,782

CVE-2019-12827