CVE-2019-12827

Published Jul 12, 2019

Last updated 4 years ago

CVSS medium 6.5

Overview

Description: Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCA6DD0A-1C55-4334-8AF3-DB7B2EFB07E0",
            "versionEndExcluding": "13.27.0",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "212B9BDD-ECC4-4CA3-B776-556C98EADF1D",
            "versionEndExcluding": "15.7.2",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E458297-5218-48A3-8690-66E6C6549757",
            "versionEndExcluding": "16.4.0",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7EE2BD3-51DC-4DA5-A5F2-6275F5277BE7"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC85AF18-A304-4BD8-AFAA-F99AC37A799B"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03094F8E-FF0C-4831-A50F-B601949FD3BF"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A7B650A-4785-4A8B-BCB6-1B630A0E18E0"
          },
          {
            "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B791DBB-EB45-4E9C-9C57-249D196EC0E5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References