UBUNTU-CVE-2021-46837
- Source
- https://ubuntu.com/security/CVE-2021-46837
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-46837.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-46837
- Upstream
- Published
- 2022-08-30T07:15:00Z
- Modified
- 2025-10-24T04:50:41Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
respjsipt38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / asterisk
Package
- Name
- asterisk
- Purl
- pkg:deb/ubuntu/asterisk@1:13.1.0~dfsg-1.1ubuntu4.1+esm1?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:13.*
1:13.1.0~dfsg-1.1ubuntu3
1:13.1.0~dfsg-1.1ubuntu4
1:13.1.0~dfsg-1.1ubuntu4.1
1:13.1.0~dfsg-1.1ubuntu4.1+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "1:13.1.0~dfsg-1.1ubuntu4.1+esm1",
"binary_name": "asterisk"
},
{
"binary_version": "1:13.1.0~dfsg-1.1ubuntu4.1+esm1",
"binary_name": "asterisk-config"
},
{
"binary_version": "1:13.1.0~dfsg-1.1ubuntu4.1+esm1",
"binary_name": "asterisk-dahdi"
},
{
"binary_version": "1:13.1.0~dfsg-1.1ubuntu4.1+esm1",
"binary_name": "asterisk-dev"
},
{
"binary_version": "1:13.1.0~dfsg-1.1ubuntu4.1+esm1",
"binary_name": "asterisk-mobile"
},
{
"binary_version": "1:13.1.0~dfsg-1.1ubuntu4.1+esm1",
"binary_name": "asterisk-modules"
},
{
"binary_version": "1:13.1.0~dfsg-1.1ubuntu4.1+esm1",
"binary_name": "asterisk-mp3"
},
{
"binary_version": "1:13.1.0~dfsg-1.1ubuntu4.1+esm1",
"binary_name": "asterisk-mysql"
},
{
"binary_version": "1:13.1.0~dfsg-1.1ubuntu4.1+esm1",
"binary_name": "asterisk-ooh323"
},
{
"binary_version": "1:13.1.0~dfsg-1.1ubuntu4.1+esm1",
"binary_name": "asterisk-voicemail"
},
{
"binary_version": "1:13.1.0~dfsg-1.1ubuntu4.1+esm1",
"binary_name": "asterisk-voicemail-imapstorage"
},
{
"binary_version": "1:13.1.0~dfsg-1.1ubuntu4.1+esm1",
"binary_name": "asterisk-voicemail-odbcstorage"
},
{
"binary_version": "1:13.1.0~dfsg-1.1ubuntu4.1+esm1",
"binary_name": "asterisk-vpb"
}
]
}
Ubuntu:18.04:LTS / asterisk
Package
- Name
- asterisk
- Purl
- pkg:deb/ubuntu/asterisk@1:13.18.3~dfsg-1ubuntu4?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:13.*
1:13.17.2~dfsg-1ubuntu1
1:13.17.2~dfsg-2ubuntu1
1:13.18.1~dfsg-1ubuntu1
1:13.18.3~dfsg-1ubuntu1
1:13.18.3~dfsg-1ubuntu2
1:13.18.3~dfsg-1ubuntu3
1:13.18.3~dfsg-1ubuntu4
Ecosystem specific
{
"binaries": [
{
"binary_version": "1:13.18.3~dfsg-1ubuntu4",
"binary_name": "asterisk"
},
{
"binary_version": "1:13.18.3~dfsg-1ubuntu4",
"binary_name": "asterisk-config"
},
{
"binary_version": "1:13.18.3~dfsg-1ubuntu4",
"binary_name": "asterisk-dahdi"
},
{
"binary_version": "1:13.18.3~dfsg-1ubuntu4",
"binary_name": "asterisk-dev"
},
{
"binary_version": "1:13.18.3~dfsg-1ubuntu4",
"binary_name": "asterisk-mobile"
},
{
"binary_version": "1:13.18.3~dfsg-1ubuntu4",
"binary_name": "asterisk-modules"
},
{
"binary_version": "1:13.18.3~dfsg-1ubuntu4",
"binary_name": "asterisk-mp3"
},
{
"binary_version": "1:13.18.3~dfsg-1ubuntu4",
"binary_name": "asterisk-mysql"
},
{
"binary_version": "1:13.18.3~dfsg-1ubuntu4",
"binary_name": "asterisk-ooh323"
},
{
"binary_version": "1:13.18.3~dfsg-1ubuntu4",
"binary_name": "asterisk-tests"
},
{
"binary_version": "1:13.18.3~dfsg-1ubuntu4",
"binary_name": "asterisk-voicemail"
},
{
"binary_version": "1:13.18.3~dfsg-1ubuntu4",
"binary_name": "asterisk-voicemail-imapstorage"
},
{
"binary_version": "1:13.18.3~dfsg-1ubuntu4",
"binary_name": "asterisk-voicemail-odbcstorage"
},
{
"binary_version": "1:13.18.3~dfsg-1ubuntu4",
"binary_name": "asterisk-vpb"
}
]
}
Ubuntu:20.04:LTS / asterisk
Package
- Name
- asterisk
- Purl
- pkg:deb/ubuntu/asterisk@1:16.2.1~dfsg-2ubuntu1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "1:16.2.1~dfsg-2ubuntu1",
"binary_name": "asterisk"
},
{
"binary_version": "1:16.2.1~dfsg-2ubuntu1",
"binary_name": "asterisk-config"
},
{
"binary_version": "1:16.2.1~dfsg-2ubuntu1",
"binary_name": "asterisk-dahdi"
},
{
"binary_version": "1:16.2.1~dfsg-2ubuntu1",
"binary_name": "asterisk-dev"
},
{
"binary_version": "1:16.2.1~dfsg-2ubuntu1",
"binary_name": "asterisk-mobile"
},
{
"binary_version": "1:16.2.1~dfsg-2ubuntu1",
"binary_name": "asterisk-modules"
},
{
"binary_version": "1:16.2.1~dfsg-2ubuntu1",
"binary_name": "asterisk-mp3"
},
{
"binary_version": "1:16.2.1~dfsg-2ubuntu1",
"binary_name": "asterisk-mysql"
},
{
"binary_version": "1:16.2.1~dfsg-2ubuntu1",
"binary_name": "asterisk-ooh323"
},
{
"binary_version": "1:16.2.1~dfsg-2ubuntu1",
"binary_name": "asterisk-tests"
},
{
"binary_version": "1:16.2.1~dfsg-2ubuntu1",
"binary_name": "asterisk-voicemail"
},
{
"binary_version": "1:16.2.1~dfsg-2ubuntu1",
"binary_name": "asterisk-voicemail-imapstorage"
},
{
"binary_version": "1:16.2.1~dfsg-2ubuntu1",
"binary_name": "asterisk-voicemail-odbcstorage"
},
{
"binary_version": "1:16.2.1~dfsg-2ubuntu1",
"binary_name": "asterisk-vpb"
}
]
}