CVE-2019-13161

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).

Published: Jul 12, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-13161
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:N/A:P

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
digium / certified_asterisk	11.6-cert13	11.6-cert13.x
digium / certified_asterisk	1.8.14.0-rc1	1.8.14.0-rc1.x
digium / certified_asterisk	11.4.0-rc3	11.4.0-rc3.x
digium / certified_asterisk	11.6-cert6	11.6-cert6.x
digium / certified_asterisk	11.6-cert8	11.6-cert8.x
digium / certified_asterisk	11.6-cert2	11.6-cert2.x
digium / certified_asterisk	13.1.0-rc1	13.1.0-rc1.x
digium / certified_asterisk	11.1.0-rc3	11.1.0-rc3.x
digium / certified_asterisk	1.8.0.0-beta2	1.8.0.0-beta2.x
digium / certified_asterisk	1.8.10.0-rc2	1.8.10.0-rc2.x
digium / certified_asterisk	1.8.15-cert3	1.8.15-cert3.x
digium / certified_asterisk	1.8.15-cert1_rc3	1.8.15-cert1_rc3.x
digium / certified_asterisk	1.8.11-cert2	1.8.11-cert2.x
digium / certified_asterisk	11.6-cert7	11.6-cert7.x
digium / certified_asterisk	1.8.12.0-rc2	1.8.12.0-rc2.x
digium / certified_asterisk	1.8.3.0	1.8.3.0.x
digium / certified_asterisk	13.8-cert1	13.8-cert1.x
digium / certified_asterisk	1.8.8.0-rc3	1.8.8.0-rc3.x
digium / certified_asterisk	1.8.11-cert9	1.8.11-cert9.x
digium / certified_asterisk	11.6-cert15	11.6-cert15.x
digium / certified_asterisk	1.8.11-cert10	1.8.11-cert10.x
digium / certified_asterisk	11.6-cert4	11.6-cert4.x
digium / certified_asterisk	11.3.0-rc2	11.3.0-rc2.x
digium / certified_asterisk	1.8.11-cert5	1.8.11-cert5.x
digium / certified_asterisk	11.6-cert3	11.6-cert3.x
digium / certified_asterisk	13.1.0	13.1.0.x
digium / certified_asterisk	1.8.11.0-rc3	1.8.11.0-rc3.x
digium / certified_asterisk	1.8.11.0-rc2	1.8.11.0-rc2.x
digium / certified_asterisk	1.8.11-cert6	1.8.11-cert6.x
digium / certified_asterisk	1.8.6.0	1.8.6.0.x
digium / certified_asterisk	1.8.0.0	1.8.0.0.x
digium / certified_asterisk	1.8.0.0-rc2	1.8.0.0-rc2.x
digium / certified_asterisk	11.3.0	11.3.0.x
digium / certified_asterisk	11.6-cert14	11.6-cert14.x
digium / certified_asterisk	11.0.0	11.0.0.x
digium / certified_asterisk	1.8.28-cert2	1.8.28-cert2.x
digium / certified_asterisk	1.8.0.0-beta5	1.8.0.0-beta5.x
digium / certified_asterisk	1.8.0.0-rc5	1.8.0.0-rc5.x
digium / certified_asterisk	1.8.7.0	1.8.7.0.x
digium / certified_asterisk	1.8.13.0-rc1	1.8.13.0-rc1.x
digium / certified_asterisk	1.8.28.0	1.8.28.0.x
digium / certified_asterisk	1.8.1.0-rc1	1.8.1.0-rc1.x
digium / certified_asterisk	13.8-cert1_rc2	13.8-cert1_rc2.x
digium / certified_asterisk	1.8.8.0-rc1	1.8.8.0-rc1.x
digium / certified_asterisk	1.8.28-cert1	1.8.28-cert1.x
digium / certified_asterisk	11.0.0-rc1	11.0.0-rc1.x
digium / certified_asterisk	1.8.11-cert1	1.8.11-cert1.x
digium / certified_asterisk	11.5.0-rc2	11.5.0-rc2.x
digium / certified_asterisk	1.8.9.0	1.8.9.0.x
digium / certified_asterisk	1.8.4.0-rc2	1.8.4.0-rc2.x
digium / certified_asterisk	1.8.4.0-rc3	1.8.4.0-rc3.x
digium / certified_asterisk	11.6-cert12	11.6-cert12.x
digium / certified_asterisk	1.8.15-cert1-rc2	1.8.15-cert1-rc2.x
digium / certified_asterisk	11.6-cert1	11.6-cert1.x
digium / certified_asterisk	11.4.0	11.4.0.x
digium / certified_asterisk	1.8.0.0-beta4	1.8.0.0-beta4.x
digium / certified_asterisk	1.8.11-cert8	1.8.11-cert8.x
digium / certified_asterisk	1.8.15-cert4	1.8.15-cert4.x
digium / certified_asterisk	1.8.15-cert6	1.8.15-cert6.x
digium / certified_asterisk	1.8.15-cert1-rc1	1.8.15-cert1-rc1.x
digium / certified_asterisk	1.8.7.0-rc2	1.8.7.0-rc2.x
digium / certified_asterisk	11.4.0-rc1	11.4.0-rc1.x
digium / certified_asterisk	11.6.0	11.6.0.x
digium / certified_asterisk	1.8.5.0	1.8.5.0.x
digium / certified_asterisk	11.6-cert1_rc2	11.6-cert1_rc2.x
digium / certified_asterisk	1.8.0.0-rc3	1.8.0.0-rc3.x
digium / certified_asterisk	1.8.13.0	1.8.13.0.x
digium / certified_asterisk	13.8-cert1_rc3	13.8-cert1_rc3.x
digium / certified_asterisk	1.8.8.0-rc2	1.8.8.0-rc2.x
digium / certified_asterisk	13.8.0	13.8.0.x
digium / certified_asterisk	1.8.12.0	1.8.12.0.x
digium / certified_asterisk	1.8.28	1.8.28.x
digium / certified_asterisk	1.8.6.0-rc1	1.8.6.0-rc1.x
digium / certified_asterisk	11.3.0-rc1	11.3.0-rc1.x
digium / certified_asterisk	1.8.15-cert1	1.8.15-cert1.x
digium / certified_asterisk	1.8.9.0-rc2	1.8.9.0-rc2.x
digium / certified_asterisk	1.8.11-cert7	1.8.11-cert7.x
digium / certified_asterisk	1.8.10.0-rc1	1.8.10.0-rc1.x
digium / certified_asterisk	1.8.1.0	1.8.1.0.x
digium / certified_asterisk	11.1.0-rc2	11.1.0-rc2.x
digium / certified_asterisk	11.6-cert16	11.6-cert16.x
digium / certified_asterisk	1.8.3.0-rc1	1.8.3.0-rc1.x
digium / certified_asterisk	1.8.0.0-rc4	1.8.0.0-rc4.x
digium / certified_asterisk	11.6.0-rc1	11.6.0-rc1.x
digium / certified_asterisk	1.8.4.0-rc1	1.8.4.0-rc1.x
digium / certified_asterisk	13.8.0-rc1	13.8.0-rc1.x
digium / certified_asterisk	1.8.9.0-rc1	1.8.9.0-rc1.x
digium / certified_asterisk	1.8.12.0-rc3	1.8.12.0-rc3.x
digium / certified_asterisk	1.8.10.0-rc3	1.8.10.0-rc3.x
digium / certified_asterisk	11.6-cert9	11.6-cert9.x
digium / certified_asterisk	1.8.13.0-rc2	1.8.13.0-rc2.x
digium / certified_asterisk	1.8.15-cert5	1.8.15-cert5.x
digium / certified_asterisk	11.4.0-rc2	11.4.0-rc2.x
digium / certified_asterisk	1.8.11-cert	1.8.11-cert.x
digium / certified_asterisk	13.13-cert2	13.13-cert2.x
digium / certified_asterisk	11.6-cert5	11.6-cert5.x
digium / certified_asterisk	1.8.15-cert1_rc2	1.8.15-cert1_rc2.x
digium / certified_asterisk	13.1.0-rc2	13.1.0-rc2.x
digium / certified_asterisk	13.1-cert1	13.1-cert1.x
digium / certified_asterisk	11.6-cert10	11.6-cert10.x
digium / certified_asterisk	1.8.9.0-rc3	1.8.9.0-rc3.x
digium / certified_asterisk	11.6-cert11	11.6-cert11.x
digium / certified_asterisk	1.8.0.0-beta3	1.8.0.0-beta3.x
digium / certified_asterisk	1.8.15-cert1_rc1	1.8.15-cert1_rc1.x
digium / certified_asterisk	1.8.4.0	1.8.4.0.x
digium / certified_asterisk	1.8.10.0	1.8.10.0.x
digium / certified_asterisk	1.8.12.0-rc1	1.8.12.0-rc1.x
digium / certified_asterisk	1.8.3.0-rc3	1.8.3.0-rc3.x
digium / certified_asterisk	1.8.0.0-beta1	1.8.0.0-beta1.x
digium / certified_asterisk	1.8.2.0	1.8.2.0.x
digium / certified_asterisk	11.0.0-rc2	11.0.0-rc2.x
digium / certified_asterisk	13.1-cert2	13.1-cert2.x
digium / certified_asterisk	11.5.0-rc1	11.5.0-rc1.x
digium / certified_asterisk	1.8.15-cert1-rc3	1.8.15-cert1-rc3.x
digium / certified_asterisk	1.8.10.0-rc4	1.8.10.0-rc4.x
digium / certified_asterisk	1.8.14.0-rc2	1.8.14.0-rc2.x
digium / certified_asterisk	1.8.11-cert3	1.8.11-cert3.x
digium / certified_asterisk	1.8.5.0-rc1	1.8.5.0-rc1.x
digium / certified_asterisk	11.6-cert1_rc1	11.6-cert1_rc1.x
digium / certified_asterisk	1.8.7.0-rc1	1.8.7.0-rc1.x
digium / certified_asterisk	13.8-cert1_rc1	13.8-cert1_rc1.x
digium / certified_asterisk	1.8.8.0	1.8.8.0.x
digium / certified_asterisk	1.8.6.0-rc3	1.8.6.0-rc3.x
digium / certified_asterisk	1.8.15	1.8.15.x
digium / certified_asterisk	1.8.0.0-rc1	1.8.0.0-rc1.x
digium / certified_asterisk	1.8.2.0-rc1	1.8.2.0-rc1.x
digium / certified_asterisk	13.13-cert3	13.13-cert3.x
digium / certified_asterisk	1.8.11.0	1.8.11.0.x
digium / certified_asterisk	1.8.6.0-rc2	1.8.6.0-rc2.x
digium / certified_asterisk	1.8.8.0-rc5	1.8.8.0-rc5.x
digium / certified_asterisk	1.8.11.0-rc1	1.8.11.0-rc1.x
digium / certified_asterisk	11.5.0	11.5.0.x
digium / certified_asterisk	11.1.0-rc1	11.1.0-rc1.x
digium / certified_asterisk	11.1.0	11.1.0.x
digium / certified_asterisk	13.8-cert2_rc1	13.8-cert2_rc1.x
digium / certified_asterisk	1.8.11-cert4	1.8.11-cert4.x
digium / certified_asterisk	1.8.3.0-rc2	1.8.3.0-rc2.x
digium / certified_asterisk	13.13-cert4	13.13-cert4.x
digium / certified_asterisk	1.8.8.0-rc4	1.8.8.0-rc4.x
digium / certified_asterisk	11.6.0-rc2	11.6.0-rc2.x
digium / certified_asterisk	1.8.15-cert2	1.8.15-cert2.x
digium / certified_asterisk	13.13-cert5	13.13-cert5.x
digium / certified_asterisk	13.13-cert6	13.13-cert6.x
digium / certified_asterisk	13.13-cert7	13.13-cert7.x
digium / certified_asterisk	13.13-cert8	13.13-cert8.x
digium / certified_asterisk	13.18-cert1	13.18-cert1.x
digium / certified_asterisk	13.18-cert2	13.18-cert2.x
digium / certified_asterisk	13.18-cert3	13.18-cert3.x
digium / certified_asterisk	13.21-cert1	13.21-cert1.x
digium / certified_asterisk	1.8.28-cert1-rc1	1.8.28-cert1-rc1.x
digium / certified_asterisk	1.8.28-cert3	1.8.28-cert3.x
digium / certified_asterisk	1.8.28-cert4	1.8.28-cert4.x
digium / certified_asterisk	1.8.28-cert5	1.8.28-cert5.x
digium / certified_asterisk	13.21-cert1-rc1	13.21-cert1-rc1.x
digium / certified_asterisk	13.21-cert1-rc2	13.21-cert1-rc2.x
digium / certified_asterisk	13.21-cert2	13.21-cert2.x
digium / certified_asterisk	13.21-cert3	13.21-cert3.x
digium / certified_asterisk	1.8.11-cert3-rc1	1.8.11-cert3-rc1.x
digium / certified_asterisk	1.8.11-cert3-rc2	1.8.11-cert3-rc2.x
digium / certified_asterisk	1.8.11-cert5-rc1	1.8.11-cert5-rc1.x
digium / certified_asterisk	1.8.11-cert5-rc2	1.8.11-cert5-rc2.x
digium / certified_asterisk	1.8.11-cert9-rc1	1.8.11-cert9-rc1.x
digium / certified_asterisk	1.8.15-cert7	1.8.15-cert7.x
digium / certified_asterisk	11.2-cert1	11.2-cert1.x
digium / certified_asterisk	11.2-cert1-rc2	11.2-cert1-rc2.x
digium / certified_asterisk	11.2-cert2	11.2-cert2.x
digium / certified_asterisk	11.2-cert3	11.2-cert3.x
digium / certified_asterisk	11.6-cert1-rc1	11.6-cert1-rc1.x
digium / certified_asterisk	11.6-cert1-rc2	11.6-cert1-rc2.x
digium / certified_asterisk	11.6-cert14-rc1	11.6-cert14-rc1.x
digium / certified_asterisk	11.6-cert14-rc2	11.6-cert14-rc2.x
digium / certified_asterisk	11.6-cert17	11.6-cert17.x
digium / certified_asterisk	11.6-cert18	11.6-cert18.x
digium / certified_asterisk	13.1-cert1-rc1	13.1-cert1-rc1.x
digium / certified_asterisk	13.1-cert1-rc3	13.1-cert1-rc3.x
digium / certified_asterisk	13.1-cert3	13.1-cert3.x
digium / certified_asterisk	13.1-cert3-rc1	13.1-cert3-rc1.x
digium / certified_asterisk	13.1-cert4	13.1-cert4.x
digium / certified_asterisk	13.1-cert5	13.1-cert5.x
digium / certified_asterisk	13.1-cert6	13.1-cert6.x
digium / certified_asterisk	13.1-cert7	13.1-cert7.x
digium / certified_asterisk	13.1-cert8	13.1-cert8.x
digium / certified_asterisk	13.8-cert1-rc2	13.8-cert1-rc2.x
digium / certified_asterisk	13.8-cert1-rc3	13.8-cert1-rc3.x
digium / certified_asterisk	13.8-cert2	13.8-cert2.x
digium / certified_asterisk	13.8-cert2-rc1	13.8-cert2-rc1.x
digium / certified_asterisk	13.8-cert3	13.8-cert3.x
digium / certified_asterisk	13.8-cert4	13.8-cert4.x
digium / certified_asterisk	13.13-cert1-rc1	13.13-cert1-rc1.x
digium / certified_asterisk	13.13-cert1-rc2	13.13-cert1-rc2.x
digium / certified_asterisk	13.13-cert1-rc3	13.13-cert1-rc3.x
digium / certified_asterisk	13.13-cert1-rc4	13.13-cert1-rc4.x
digium / certified_asterisk	13.13-cert9	13.13-cert9.x
digium / certified_asterisk	13.18-cert1-rc1	13.18-cert1-rc1.x
digium / certified_asterisk	13.18-cert1-rc2	13.18-cert1-rc2.x
digium / certified_asterisk	13.18-cert1-rc3	13.18-cert1-rc3.x
digium / certified_asterisk	13.18-cert4	13.18-cert4.x
digium / asterisk	15.0.0	15.7.3
digium / asterisk	16.0.0	16.4.1
digium / asterisk	13.0.0	13.27.1
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x

Vulnerability Database

289,784

CVE-2019-13161