respjsipt38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "asterisk", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-config", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-dahdi", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-dahdi-dbgsym", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-dbgsym", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-dev", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-doc", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-mobile", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-mobile-dbgsym", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-modules", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-modules-dbgsym", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-mp3", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-mp3-dbgsym", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-mysql", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-mysql-dbgsym", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-ooh323", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-ooh323-dbgsym", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-tests", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-tests-dbgsym", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-vpb", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" }, { "binary_name": "asterisk-vpb-dbgsym", "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2" } ] }