CVE-2021-26717

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-26717
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26717.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-26717
Downstream
Published
2021-02-18T20:15:12.667Z
Modified
2026-04-10T04:31:21.081128Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.

References

Affected packages

Git / github.com/asterisk/asterisk

Affected ranges

Type
GIT
Repo
https://github.com/asterisk/asterisk
Events
Introduced
a65908f83e2f17a3aca7eb39c8e06045aca02674
Fixed
3cd8afbdf2c6dffe80c631a5336e21bb1827a5cd
Introduced
5ffe12b6ef30cd503f85d75745fd8d9c2cfafe47
Fixed
fdaf2d0689b7a8928a45019c9af14c53bcdfa6e3
Introduced
2c1bba3cbec008c8ce35c78a2c79f9f207ea58bc
Fixed
332130c4389803a3c7e63cabf00daf5ac66a3068
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d436f568583184a13aa46349af5a3f0907087b44
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
476bbcf3a3a8439c469ab31677cc87bbfd2fb214
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7b8157645f8c5f8599f160cd3374d2763564b55f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d1bb76a27d2b8b4e4d32e77e8090997400f1d46d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3d317239d5e94f07d387b31c46a6733cbc43e5ef
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bbaf9042cff308827c91e8235179b7ba27b48a33
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4d7a90d4e2c408af10dce738d6fc5ca491fcc83e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
21635f1e4075f13c8aabc6d9abdf183df416156b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
aabb04054a92d531c2ed82832e6d155a297253d1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
017416381fdcb5d222de2c2f39b17672506b061b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
cb9f1759fb996c99d5391135dd97db6f1e2d3387
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f777a0d87982e4f780099257e8157ec5341fb488
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
10b274d1aba4fc2cf2a8cabcb66eb2a049e2250f
Database specific 
{
    "versions": [
        {
            "introduced": "16.0.0"
        },
        {
            "fixed": "16.16.1"
        },
        {
            "introduced": "17.0.0"
        },
        {
            "fixed": "17.9.2"
        },
        {
            "introduced": "18.0"
        },
        {
            "fixed": "18.2.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.8-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.8-cert1\\-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.8-cert1\\-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.8-cert1\\-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.8-cert1\\-rc4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.8-cert2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.8-cert3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.8-cert4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.8-cert4\\-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.8-cert4\\-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.8-cert4\\-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.8-cert4\\-rc4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.8-cert5"
        }
    ]
}

Affected versions

16.*
16.16.0
16.16.0-rc1
16.8.0
16.8.0-rc1
16.8.0-rc2
17.*
17.9.0
17.9.0-rc1
17.9.1
18.*
18.2.0
18.2.0-rc1
certified/16.*
certified/16.8-cert1
certified/16.8-cert1-rc1
certified/16.8-cert1-rc2
certified/16.8-cert1-rc3
certified/16.8-cert1-rc4
certified/16.8-cert1-rc5
certified/16.8-cert2
certified/16.8-cert3
certified/16.8-cert4
certified/16.8-cert4-rc1
certified/16.8-cert4-rc2
certified/16.8-cert4-rc3
certified/16.8-cert4-rc4
certified/16.8-cert5

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26717.json"