CVE-2019-15297

respjsipt38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.

References

Affected packages

Git / github.com/asterisk/asterisk

Affected ranges

Type: GIT
Repo: https://github.com/asterisk/asterisk
Events: Introduced

a65908f83e2f17a3aca7eb39c8e06045aca02674

Last affected

6b80f4dc0afae278361262b9d62ac53c5a56e60c

Introduced

d4cc63728def7ca06ad3f70547de87bc5c9ef7c0

Last affected

c2d9780d3d91fb44804df0db829712cff0340e44