UBUNTU-CVE-2021-46837

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2021-46837

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-46837.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-46837

Related

CVE-2021-46837

Published

2022-08-30T07:15:00Z

Modified

2025-06-03T17:36:05Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

respjsipt38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.

References

Affected packages

Ubuntu:Pro:16.04:LTS / asterisk

Package

Name: asterisk
Purl: pkg:deb/ubuntu/asterisk@1:13.1.0~dfsg-1.1ubuntu4.1+esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:13.*

1:13.1.0~dfsg-1.1ubuntu3

1:13.1.0~dfsg-1.1ubuntu4

1:13.1.0~dfsg-1.1ubuntu4.1

1:13.1.0~dfsg-1.1ubuntu4.1+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / asterisk

Package

Name: asterisk
Purl: pkg:deb/ubuntu/asterisk@1:13.18.3~dfsg-1ubuntu4?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:13.*

1:13.17.2~dfsg-1ubuntu1

1:13.17.2~dfsg-2ubuntu1

1:13.18.1~dfsg-1ubuntu1

1:13.18.3~dfsg-1ubuntu1

1:13.18.3~dfsg-1ubuntu2

1:13.18.3~dfsg-1ubuntu3

1:13.18.3~dfsg-1ubuntu4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / asterisk

Package

Name: asterisk
Purl: pkg:deb/ubuntu/asterisk@1:16.2.1~dfsg-2ubuntu1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:16.*

1:16.2.1~dfsg-2build2

1:16.2.1~dfsg-2build3

1:16.2.1~dfsg-2ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / asterisk

Package

Name: asterisk
Purl: pkg:deb/ubuntu/asterisk@1:18.10.0~dfsg+~cs6.10.40431411-2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:18.10.0~dfsg+~cs6.10.40431411-2

Affected versions

1:16.*

1:16.16.1~dfsg-2

1:16.16.1~dfsg-4

1:16.16.1~dfsg-4build1

1:16.16.1~dfsg+~2.10-1

Ecosystem specific

{
    "ubuntu_priority": "medium",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "asterisk",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-config",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-dahdi",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-dahdi-dbgsym",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-dbgsym",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-dev",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-doc",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-mobile",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-mobile-dbgsym",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-modules",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-modules-dbgsym",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-mp3",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-mp3-dbgsym",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-mysql",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-mysql-dbgsym",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-ooh323",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-ooh323-dbgsym",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-tests",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-tests-dbgsym",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-vpb",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        },
        {
            "binary_name": "asterisk-vpb-dbgsym",
            "binary_version": "1:18.10.0~dfsg+~cs6.10.40431411-2"
        }
    ]
}