CVE-2019-12827

CVE Database · CVE-2019-12827

CVE-2019-12827

· N/AModified

CVSS v3.1

N/A

EPSS

4.23%

Published

Jul 12, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

Weaknesses (CWE)

CWE-787

Affected Products (8)

digium · asterisk (up to 13.27.0)vulnerable

digium · asterisk (up to 15.7.2)vulnerable

digium · asterisk (up to 16.4.0)vulnerable

digium · certified_asteriskvulnerable

References (4)

http://downloads.digium.com/pub/security/AST-2019-002.html

Vendor Advisory

https://issues.asterisk.org/jira/browse/ASTERISK-28447

Vendor Advisory

http://downloads.digium.com/pub/security/AST-2019-002.html

Vendor Advisory

https://issues.asterisk.org/jira/browse/ASTERISK-28447

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs