CVE-2021-31878

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-31878
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31878.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-31878
Downstream
Published
2021-07-30T14:15:16Z
Modified
2025-07-29T09:55:50.676410Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.

References

Affected packages

Git / github.com/asterisk/asterisk

Affected ranges

Type
GIT
Repo
https://github.com/asterisk/asterisk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3268588c642f3a1e134ed5cd30832e0d68309427
Last affected
43c7ef23a5b639747e4fffae7122636b53943a98
Last affected
49f0e4327257c591ee092c3627ce21154dabca49
Last affected
69f8f98b8709f5504e95f7de17ea1f53f346cfd4
Last affected
77ea4d0b263053f9a9641a6fc1f873e7c13f5a84
Last affected
cd5f686bc3a55abb22421f0a416bfa05d63d8b7f

Affected versions

16.*

16.17.0
16.17.0-rc1
16.17.0-rc2
16.18.0
16.18.0-rc1
16.19.0
16.19.0-rc1

18.*

18.3.0
18.3.0-rc1
18.3.0-rc2
18.4.0
18.4.0-rc1
18.5.0
18.5.0-rc1