An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html | Patch Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2021/Jul/49 | Mailing List Patch Third Party Advisory |
https://downloads.asterisk.org/pub/security/AST-2021-008.html | Patch Vendor Advisory |
https://issues.asterisk.org/jira/browse/ASTERISK-29392 | Exploit Issue Tracking Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html | Mailing List Third Party Advisory |
https://www.debian.org/security/2021/dsa-4999 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
28 Nov 2021, 23:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* | |
References | (DEBIAN) https://www.debian.org/security/2021/dsa-4999 - Third Party Advisory |
17 Nov 2021, 22:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Nov 2021, 01:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Nov 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Aug 2021, 19:45
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-74 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:digium:certified_asterisk:16.8:cert9:*:*:*:*:*:* cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:* cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:* cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:* cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:* cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:* cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:* cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:* cpe:2.3:a:digium:certified_asterisk:16.8:cert8:*:*:*:*:*:* cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:* cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:* cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:* cpe:2.3:a:digium:certified_asterisk:16.8:cert6:*:*:*:*:*:* cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:* cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:* cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:digium:certified_asterisk:16.8:cert7:*:*:*:*:*:* cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:* |
|
References |
|
|
References | (FULLDISC) http://seclists.org/fulldisclosure/2021/Jul/49 - Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://downloads.asterisk.org/pub/security/AST-2021-008.html - Patch, Vendor Advisory | |
References | (MISC) https://issues.asterisk.org/jira/browse/ASTERISK-29392 - Exploit, Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html - Patch, Third Party Advisory, VDB Entry |
30 Jul 2021, 15:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-30 14:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-32558
Mitre link : CVE-2021-32558
CVE.ORG link : CVE-2021-32558
JSON object : View
Products Affected
digium
- asterisk
- certified_asterisk
debian
- debian_linux
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')