Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
{
"cpe": [
"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
"cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
"cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
"cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
"cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
"cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
"cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
"cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
"cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
"cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
"cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
"cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
"cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "13.0.0"
},
{
"last_affected": "13.38.2"
},
{
"introduced": "16.0.0"
},
{
"fixed": "16.16.1"
},
{
"introduced": "17.0.0"
},
{
"fixed": "17.9.2"
},
{
"introduced": "18.0"
},
{
"fixed": "18.2.1"
},
{
"introduced": "16.8-NA"
},
{
"last_affected": "16.8-NA"
},
{
"introduced": "16.8-cert1\\-rc1"
},
{
"last_affected": "16.8-cert1\\-rc1"
},
{
"introduced": "16.8-cert1\\-rc2"
},
{
"last_affected": "16.8-cert1\\-rc2"
},
{
"introduced": "16.8-cert1\\-rc3"
},
{
"last_affected": "16.8-cert1\\-rc3"
},
{
"introduced": "16.8-cert1\\-rc4"
},
{
"last_affected": "16.8-cert1\\-rc4"
},
{
"introduced": "16.8-cert2"
},
{
"last_affected": "16.8-cert2"
},
{
"introduced": "16.8-cert3"
},
{
"last_affected": "16.8-cert3"
},
{
"introduced": "16.8-cert4"
},
{
"last_affected": "16.8-cert4"
},
{
"introduced": "16.8-cert4\\-rc1"
},
{
"last_affected": "16.8-cert4\\-rc1"
},
{
"introduced": "16.8-cert4\\-rc2"
},
{
"last_affected": "16.8-cert4\\-rc2"
},
{
"introduced": "16.8-cert4\\-rc3"
},
{
"last_affected": "16.8-cert4\\-rc3"
},
{
"introduced": "16.8-cert4\\-rc4"
},
{
"last_affected": "16.8-cert4\\-rc4"
},
{
"introduced": "16.8-cert5"
},
{
"last_affected": "16.8-cert5"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}