CVE-2019-12827

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-12827
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12827.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-12827
Downstream
Published
2019-07-12T20:15:11.063Z
Modified
2026-04-10T04:12:06.391733Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Buffer overflow in respjsipmessaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

References

Affected packages

Git / github.com/asterisk/asterisk

Affected ranges

Type
GIT
Repo
https://github.com/asterisk/asterisk
Events
Introduced
85335355efb2d7914a1fe20ed31afcef15fd210c
Fixed
152d446befb93f64883b156cb58aea105d629423
Introduced
d4cc63728def7ca06ad3f70547de87bc5c9ef7c0
Fixed
1d47a3c5b8bd961ed026602889c158566eebf9b1
Introduced
a65908f83e2f17a3aca7eb39c8e06045aca02674
Fixed
a069c71f7ff8514aed0c36db990db35a71c98032
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d661052e6d2eddae58bec5a04229c105d11e18f4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a9315f8d1a0e83f728fc70648f3c72a0c8bf6699
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
474a6af80b583236e4f98723b0b9b74b25ad1b7d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
742007f881f8cb04fe543fba4dbe5404589d9f14
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ab699aa653ffbf9efe11fef940dd2cb0a80b075e
Database specific 
{
    "versions": [
        {
            "introduced": "13.0.0"
        },
        {
            "fixed": "13.27.0"
        },
        {
            "introduced": "15.0.0"
        },
        {
            "fixed": "15.7.2"
        },
        {
            "introduced": "16.0.0"
        },
        {
            "fixed": "16.4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.21-cert1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.21-cert1\\-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.21-cert1\\-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.21-cert2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.21-cert3"
        }
    ]
}

Affected versions

13.*
13.21.0-rc1
13.27.0-rc1
15.*
15.7.0-rc1
16.*
16.4.0-rc1
certified/13.*
certified/13.21-cert1
certified/13.21-cert1-rc1
certified/13.21-cert1-rc2
certified/13.21-cert2
certified/13.21-cert3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12827.json"