An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Certified_asterisk | Digium | 1.8.0.0 (including) | 1.8.0.0 (including) |
| Certified_asterisk | Digium | 1.8.0.0-beta1 (including) | 1.8.0.0-beta1 (including) |
| Certified_asterisk | Digium | 1.8.0.0-beta2 (including) | 1.8.0.0-beta2 (including) |
| Certified_asterisk | Digium | 1.8.0.0-beta3 (including) | 1.8.0.0-beta3 (including) |
| Certified_asterisk | Digium | 1.8.0.0-beta4 (including) | 1.8.0.0-beta4 (including) |
| Certified_asterisk | Digium | 1.8.0.0-beta5 (including) | 1.8.0.0-beta5 (including) |
| Certified_asterisk | Digium | 1.8.0.0-rc1 (including) | 1.8.0.0-rc1 (including) |
| Certified_asterisk | Digium | 1.8.0.0-rc2 (including) | 1.8.0.0-rc2 (including) |
| Certified_asterisk | Digium | 1.8.0.0-rc3 (including) | 1.8.0.0-rc3 (including) |
| Certified_asterisk | Digium | 1.8.0.0-rc4 (including) | 1.8.0.0-rc4 (including) |
| Certified_asterisk | Digium | 1.8.0.0-rc5 (including) | 1.8.0.0-rc5 (including) |
| Certified_asterisk | Digium | 1.8.1.0 (including) | 1.8.1.0 (including) |
| Certified_asterisk | Digium | 1.8.1.0-rc1 (including) | 1.8.1.0-rc1 (including) |
| Certified_asterisk | Digium | 1.8.2.0 (including) | 1.8.2.0 (including) |
| Certified_asterisk | Digium | 1.8.2.0-rc1 (including) | 1.8.2.0-rc1 (including) |
| Certified_asterisk | Digium | 1.8.3.0 (including) | 1.8.3.0 (including) |
| Certified_asterisk | Digium | 1.8.3.0-rc1 (including) | 1.8.3.0-rc1 (including) |
| Certified_asterisk | Digium | 1.8.3.0-rc2 (including) | 1.8.3.0-rc2 (including) |
| Certified_asterisk | Digium | 1.8.3.0-rc3 (including) | 1.8.3.0-rc3 (including) |
| Certified_asterisk | Digium | 1.8.4.0 (including) | 1.8.4.0 (including) |
| Certified_asterisk | Digium | 1.8.4.0-rc1 (including) | 1.8.4.0-rc1 (including) |
| Certified_asterisk | Digium | 1.8.4.0-rc2 (including) | 1.8.4.0-rc2 (including) |
| Certified_asterisk | Digium | 1.8.4.0-rc3 (including) | 1.8.4.0-rc3 (including) |
| Certified_asterisk | Digium | 1.8.5.0 (including) | 1.8.5.0 (including) |
| Certified_asterisk | Digium | 1.8.5.0-rc1 (including) | 1.8.5.0-rc1 (including) |
| Certified_asterisk | Digium | 1.8.6.0 (including) | 1.8.6.0 (including) |
| Certified_asterisk | Digium | 1.8.6.0-rc1 (including) | 1.8.6.0-rc1 (including) |
| Certified_asterisk | Digium | 1.8.6.0-rc2 (including) | 1.8.6.0-rc2 (including) |
| Certified_asterisk | Digium | 1.8.6.0-rc3 (including) | 1.8.6.0-rc3 (including) |
| Certified_asterisk | Digium | 1.8.7.0 (including) | 1.8.7.0 (including) |
| Certified_asterisk | Digium | 1.8.7.0-rc1 (including) | 1.8.7.0-rc1 (including) |
| Certified_asterisk | Digium | 1.8.7.0-rc2 (including) | 1.8.7.0-rc2 (including) |
| Certified_asterisk | Digium | 1.8.8.0 (including) | 1.8.8.0 (including) |
| Certified_asterisk | Digium | 1.8.8.0-rc1 (including) | 1.8.8.0-rc1 (including) |
| Certified_asterisk | Digium | 1.8.8.0-rc2 (including) | 1.8.8.0-rc2 (including) |
| Certified_asterisk | Digium | 1.8.8.0-rc3 (including) | 1.8.8.0-rc3 (including) |
| Certified_asterisk | Digium | 1.8.8.0-rc4 (including) | 1.8.8.0-rc4 (including) |
| Certified_asterisk | Digium | 1.8.8.0-rc5 (including) | 1.8.8.0-rc5 (including) |
| Certified_asterisk | Digium | 1.8.9.0 (including) | 1.8.9.0 (including) |
| Certified_asterisk | Digium | 1.8.9.0-rc1 (including) | 1.8.9.0-rc1 (including) |
| Certified_asterisk | Digium | 1.8.9.0-rc2 (including) | 1.8.9.0-rc2 (including) |
| Certified_asterisk | Digium | 1.8.9.0-rc3 (including) | 1.8.9.0-rc3 (including) |
| Certified_asterisk | Digium | 1.8.10.0 (including) | 1.8.10.0 (including) |
| Certified_asterisk | Digium | 1.8.10.0-rc1 (including) | 1.8.10.0-rc1 (including) |
| Certified_asterisk | Digium | 1.8.10.0-rc2 (including) | 1.8.10.0-rc2 (including) |
| Certified_asterisk | Digium | 1.8.10.0-rc3 (including) | 1.8.10.0-rc3 (including) |
| Certified_asterisk | Digium | 1.8.10.0-rc4 (including) | 1.8.10.0-rc4 (including) |
| Certified_asterisk | Digium | 1.8.11-cert (including) | 1.8.11-cert (including) |
| Certified_asterisk | Digium | 1.8.11-cert1 (including) | 1.8.11-cert1 (including) |
| Certified_asterisk | Digium | 1.8.11-cert10 (including) | 1.8.11-cert10 (including) |
| Certified_asterisk | Digium | 1.8.11-cert2 (including) | 1.8.11-cert2 (including) |
| Certified_asterisk | Digium | 1.8.11-cert3 (including) | 1.8.11-cert3 (including) |
| Certified_asterisk | Digium | 1.8.11-cert3-rc1 (including) | 1.8.11-cert3-rc1 (including) |
| Certified_asterisk | Digium | 1.8.11-cert3-rc2 (including) | 1.8.11-cert3-rc2 (including) |
| Certified_asterisk | Digium | 1.8.11-cert4 (including) | 1.8.11-cert4 (including) |
| Certified_asterisk | Digium | 1.8.11-cert5 (including) | 1.8.11-cert5 (including) |
| Certified_asterisk | Digium | 1.8.11-cert5-rc1 (including) | 1.8.11-cert5-rc1 (including) |
| Certified_asterisk | Digium | 1.8.11-cert5-rc2 (including) | 1.8.11-cert5-rc2 (including) |
| Certified_asterisk | Digium | 1.8.11-cert6 (including) | 1.8.11-cert6 (including) |
| Certified_asterisk | Digium | 1.8.11-cert7 (including) | 1.8.11-cert7 (including) |
| Certified_asterisk | Digium | 1.8.11-cert8 (including) | 1.8.11-cert8 (including) |
| Certified_asterisk | Digium | 1.8.11-cert9 (including) | 1.8.11-cert9 (including) |
| Certified_asterisk | Digium | 1.8.11-cert9-rc1 (including) | 1.8.11-cert9-rc1 (including) |
| Certified_asterisk | Digium | 1.8.11.0 (including) | 1.8.11.0 (including) |
| Certified_asterisk | Digium | 1.8.11.0-rc1 (including) | 1.8.11.0-rc1 (including) |
| Certified_asterisk | Digium | 1.8.11.0-rc2 (including) | 1.8.11.0-rc2 (including) |
| Certified_asterisk | Digium | 1.8.11.0-rc3 (including) | 1.8.11.0-rc3 (including) |
| Certified_asterisk | Digium | 1.8.12.0 (including) | 1.8.12.0 (including) |
| Certified_asterisk | Digium | 1.8.12.0-rc1 (including) | 1.8.12.0-rc1 (including) |
| Certified_asterisk | Digium | 1.8.12.0-rc2 (including) | 1.8.12.0-rc2 (including) |
| Certified_asterisk | Digium | 1.8.12.0-rc3 (including) | 1.8.12.0-rc3 (including) |
| Certified_asterisk | Digium | 1.8.13.0 (including) | 1.8.13.0 (including) |
| Certified_asterisk | Digium | 1.8.13.0-rc1 (including) | 1.8.13.0-rc1 (including) |
| Certified_asterisk | Digium | 1.8.13.0-rc2 (including) | 1.8.13.0-rc2 (including) |
| Certified_asterisk | Digium | 1.8.14.0-rc1 (including) | 1.8.14.0-rc1 (including) |
| Certified_asterisk | Digium | 1.8.14.0-rc2 (including) | 1.8.14.0-rc2 (including) |
| Certified_asterisk | Digium | 1.8.15 (including) | 1.8.15 (including) |
| Certified_asterisk | Digium | 1.8.15-cert1 (including) | 1.8.15-cert1 (including) |
| Certified_asterisk | Digium | 1.8.15-cert1-rc1 (including) | 1.8.15-cert1-rc1 (including) |
| Certified_asterisk | Digium | 1.8.15-cert1-rc2 (including) | 1.8.15-cert1-rc2 (including) |
| Certified_asterisk | Digium | 1.8.15-cert1-rc3 (including) | 1.8.15-cert1-rc3 (including) |
| Certified_asterisk | Digium | 1.8.15-cert1_rc1 (including) | 1.8.15-cert1_rc1 (including) |
| Certified_asterisk | Digium | 1.8.15-cert1_rc2 (including) | 1.8.15-cert1_rc2 (including) |
| Certified_asterisk | Digium | 1.8.15-cert1_rc3 (including) | 1.8.15-cert1_rc3 (including) |
| Certified_asterisk | Digium | 1.8.15-cert2 (including) | 1.8.15-cert2 (including) |
| Certified_asterisk | Digium | 1.8.15-cert3 (including) | 1.8.15-cert3 (including) |
| Certified_asterisk | Digium | 1.8.15-cert4 (including) | 1.8.15-cert4 (including) |
| Certified_asterisk | Digium | 1.8.15-cert5 (including) | 1.8.15-cert5 (including) |
| Certified_asterisk | Digium | 1.8.15-cert6 (including) | 1.8.15-cert6 (including) |
| Certified_asterisk | Digium | 1.8.15-cert7 (including) | 1.8.15-cert7 (including) |
| Certified_asterisk | Digium | 1.8.28 (including) | 1.8.28 (including) |
| Certified_asterisk | Digium | 1.8.28-cert1 (including) | 1.8.28-cert1 (including) |
| Certified_asterisk | Digium | 1.8.28-cert1-rc1 (including) | 1.8.28-cert1-rc1 (including) |
| Certified_asterisk | Digium | 1.8.28-cert2 (including) | 1.8.28-cert2 (including) |
| Certified_asterisk | Digium | 1.8.28-cert3 (including) | 1.8.28-cert3 (including) |
| Certified_asterisk | Digium | 1.8.28-cert4 (including) | 1.8.28-cert4 (including) |
| Certified_asterisk | Digium | 1.8.28-cert5 (including) | 1.8.28-cert5 (including) |
| Certified_asterisk | Digium | 1.8.28.0 (including) | 1.8.28.0 (including) |
| Certified_asterisk | Digium | 11.0.0 (including) | 11.0.0 (including) |
| Certified_asterisk | Digium | 11.0.0-rc1 (including) | 11.0.0-rc1 (including) |
| Certified_asterisk | Digium | 11.0.0-rc2 (including) | 11.0.0-rc2 (including) |
| Certified_asterisk | Digium | 11.1.0 (including) | 11.1.0 (including) |
| Certified_asterisk | Digium | 11.1.0-rc1 (including) | 11.1.0-rc1 (including) |
| Certified_asterisk | Digium | 11.1.0-rc2 (including) | 11.1.0-rc2 (including) |
| Certified_asterisk | Digium | 11.1.0-rc3 (including) | 11.1.0-rc3 (including) |
| Certified_asterisk | Digium | 11.2-cert1 (including) | 11.2-cert1 (including) |
| Certified_asterisk | Digium | 11.2-cert1-rc2 (including) | 11.2-cert1-rc2 (including) |
| Certified_asterisk | Digium | 11.2-cert2 (including) | 11.2-cert2 (including) |
| Certified_asterisk | Digium | 11.2-cert3 (including) | 11.2-cert3 (including) |
| Certified_asterisk | Digium | 11.3.0 (including) | 11.3.0 (including) |
| Certified_asterisk | Digium | 11.3.0-rc1 (including) | 11.3.0-rc1 (including) |
| Certified_asterisk | Digium | 11.3.0-rc2 (including) | 11.3.0-rc2 (including) |
| Certified_asterisk | Digium | 11.4.0 (including) | 11.4.0 (including) |
| Certified_asterisk | Digium | 11.4.0-rc1 (including) | 11.4.0-rc1 (including) |
| Certified_asterisk | Digium | 11.4.0-rc2 (including) | 11.4.0-rc2 (including) |
| Certified_asterisk | Digium | 11.4.0-rc3 (including) | 11.4.0-rc3 (including) |
| Certified_asterisk | Digium | 11.5.0 (including) | 11.5.0 (including) |
| Certified_asterisk | Digium | 11.5.0-rc1 (including) | 11.5.0-rc1 (including) |
| Certified_asterisk | Digium | 11.5.0-rc2 (including) | 11.5.0-rc2 (including) |
| Certified_asterisk | Digium | 11.6-cert1 (including) | 11.6-cert1 (including) |
| Certified_asterisk | Digium | 11.6-cert1-rc1 (including) | 11.6-cert1-rc1 (including) |
| Certified_asterisk | Digium | 11.6-cert1-rc2 (including) | 11.6-cert1-rc2 (including) |
| Certified_asterisk | Digium | 11.6-cert1_rc1 (including) | 11.6-cert1_rc1 (including) |
| Certified_asterisk | Digium | 11.6-cert1_rc2 (including) | 11.6-cert1_rc2 (including) |
| Certified_asterisk | Digium | 11.6-cert10 (including) | 11.6-cert10 (including) |
| Certified_asterisk | Digium | 11.6-cert11 (including) | 11.6-cert11 (including) |
| Certified_asterisk | Digium | 11.6-cert12 (including) | 11.6-cert12 (including) |
| Certified_asterisk | Digium | 11.6-cert13 (including) | 11.6-cert13 (including) |
| Certified_asterisk | Digium | 11.6-cert14 (including) | 11.6-cert14 (including) |
| Certified_asterisk | Digium | 11.6-cert14-rc1 (including) | 11.6-cert14-rc1 (including) |
| Certified_asterisk | Digium | 11.6-cert14-rc2 (including) | 11.6-cert14-rc2 (including) |
| Certified_asterisk | Digium | 11.6-cert15 (including) | 11.6-cert15 (including) |
| Certified_asterisk | Digium | 11.6-cert16 (including) | 11.6-cert16 (including) |
| Certified_asterisk | Digium | 11.6-cert17 (including) | 11.6-cert17 (including) |
| Certified_asterisk | Digium | 11.6-cert18 (including) | 11.6-cert18 (including) |
| Certified_asterisk | Digium | 11.6-cert2 (including) | 11.6-cert2 (including) |
| Certified_asterisk | Digium | 11.6-cert3 (including) | 11.6-cert3 (including) |
| Certified_asterisk | Digium | 11.6-cert4 (including) | 11.6-cert4 (including) |
| Certified_asterisk | Digium | 11.6-cert5 (including) | 11.6-cert5 (including) |
| Certified_asterisk | Digium | 11.6-cert6 (including) | 11.6-cert6 (including) |
| Certified_asterisk | Digium | 11.6-cert7 (including) | 11.6-cert7 (including) |
| Certified_asterisk | Digium | 11.6-cert8 (including) | 11.6-cert8 (including) |
| Certified_asterisk | Digium | 11.6-cert9 (including) | 11.6-cert9 (including) |
| Certified_asterisk | Digium | 11.6.0 (including) | 11.6.0 (including) |
| Certified_asterisk | Digium | 11.6.0-rc1 (including) | 11.6.0-rc1 (including) |
| Certified_asterisk | Digium | 11.6.0-rc2 (including) | 11.6.0-rc2 (including) |
| Certified_asterisk | Digium | 13.1-cert1 (including) | 13.1-cert1 (including) |
| Certified_asterisk | Digium | 13.1-cert1-rc1 (including) | 13.1-cert1-rc1 (including) |
| Certified_asterisk | Digium | 13.1-cert1-rc3 (including) | 13.1-cert1-rc3 (including) |
| Certified_asterisk | Digium | 13.1-cert2 (including) | 13.1-cert2 (including) |
| Certified_asterisk | Digium | 13.1-cert3 (including) | 13.1-cert3 (including) |
| Certified_asterisk | Digium | 13.1-cert3-rc1 (including) | 13.1-cert3-rc1 (including) |
| Certified_asterisk | Digium | 13.1-cert4 (including) | 13.1-cert4 (including) |
| Certified_asterisk | Digium | 13.1-cert5 (including) | 13.1-cert5 (including) |
| Certified_asterisk | Digium | 13.1-cert6 (including) | 13.1-cert6 (including) |
| Certified_asterisk | Digium | 13.1-cert7 (including) | 13.1-cert7 (including) |
| Certified_asterisk | Digium | 13.1-cert8 (including) | 13.1-cert8 (including) |
| Certified_asterisk | Digium | 13.1.0 (including) | 13.1.0 (including) |
| Certified_asterisk | Digium | 13.1.0-rc1 (including) | 13.1.0-rc1 (including) |
| Certified_asterisk | Digium | 13.1.0-rc2 (including) | 13.1.0-rc2 (including) |
| Certified_asterisk | Digium | 13.8-cert1 (including) | 13.8-cert1 (including) |
| Certified_asterisk | Digium | 13.8-cert1-rc2 (including) | 13.8-cert1-rc2 (including) |
| Certified_asterisk | Digium | 13.8-cert1-rc3 (including) | 13.8-cert1-rc3 (including) |
| Certified_asterisk | Digium | 13.8-cert1_rc1 (including) | 13.8-cert1_rc1 (including) |
| Certified_asterisk | Digium | 13.8-cert1_rc2 (including) | 13.8-cert1_rc2 (including) |
| Certified_asterisk | Digium | 13.8-cert1_rc3 (including) | 13.8-cert1_rc3 (including) |
| Certified_asterisk | Digium | 13.8-cert2 (including) | 13.8-cert2 (including) |
| Certified_asterisk | Digium | 13.8-cert2-rc1 (including) | 13.8-cert2-rc1 (including) |
| Certified_asterisk | Digium | 13.8-cert2_rc1 (including) | 13.8-cert2_rc1 (including) |
| Certified_asterisk | Digium | 13.8-cert3 (including) | 13.8-cert3 (including) |
| Certified_asterisk | Digium | 13.8-cert4 (including) | 13.8-cert4 (including) |
| Certified_asterisk | Digium | 13.8.0 (including) | 13.8.0 (including) |
| Certified_asterisk | Digium | 13.8.0-rc1 (including) | 13.8.0-rc1 (including) |
| Certified_asterisk | Digium | 13.13-cert1-rc1 (including) | 13.13-cert1-rc1 (including) |
| Certified_asterisk | Digium | 13.13-cert1-rc2 (including) | 13.13-cert1-rc2 (including) |
| Certified_asterisk | Digium | 13.13-cert1-rc3 (including) | 13.13-cert1-rc3 (including) |
| Certified_asterisk | Digium | 13.13-cert1-rc4 (including) | 13.13-cert1-rc4 (including) |
| Certified_asterisk | Digium | 13.13-cert2 (including) | 13.13-cert2 (including) |
| Certified_asterisk | Digium | 13.13-cert3 (including) | 13.13-cert3 (including) |
| Certified_asterisk | Digium | 13.13-cert4 (including) | 13.13-cert4 (including) |
| Certified_asterisk | Digium | 13.13-cert5 (including) | 13.13-cert5 (including) |
| Certified_asterisk | Digium | 13.13-cert6 (including) | 13.13-cert6 (including) |
| Certified_asterisk | Digium | 13.13-cert7 (including) | 13.13-cert7 (including) |
| Certified_asterisk | Digium | 13.13-cert8 (including) | 13.13-cert8 (including) |
| Certified_asterisk | Digium | 13.13-cert9 (including) | 13.13-cert9 (including) |
| Certified_asterisk | Digium | 13.18-cert1 (including) | 13.18-cert1 (including) |
| Certified_asterisk | Digium | 13.18-cert1-rc1 (including) | 13.18-cert1-rc1 (including) |
| Certified_asterisk | Digium | 13.18-cert1-rc2 (including) | 13.18-cert1-rc2 (including) |
| Certified_asterisk | Digium | 13.18-cert1-rc3 (including) | 13.18-cert1-rc3 (including) |
| Certified_asterisk | Digium | 13.18-cert2 (including) | 13.18-cert2 (including) |
| Certified_asterisk | Digium | 13.18-cert3 (including) | 13.18-cert3 (including) |
| Certified_asterisk | Digium | 13.18-cert4 (including) | 13.18-cert4 (including) |
| Certified_asterisk | Digium | 13.21-cert1 (including) | 13.21-cert1 (including) |
| Certified_asterisk | Digium | 13.21-cert1-rc1 (including) | 13.21-cert1-rc1 (including) |
| Certified_asterisk | Digium | 13.21-cert1-rc2 (including) | 13.21-cert1-rc2 (including) |
| Certified_asterisk | Digium | 13.21-cert2 (including) | 13.21-cert2 (including) |
| Certified_asterisk | Digium | 13.21-cert3 (including) | 13.21-cert3 (including) |
| Asterisk | Ubuntu | bionic | * |
| Asterisk | Ubuntu | cosmic | * |
| Asterisk | Ubuntu | disco | * |
| Asterisk | Ubuntu | esm-apps/bionic | * |
| Asterisk | Ubuntu | esm-apps/xenial | * |
| Asterisk | Ubuntu | trusty | * |
| Asterisk | Ubuntu | upstream | * |
| Asterisk | Ubuntu | xenial | * |