CVE-2019-15639
HIGHAsterisk 13.0.0-13.28.0 - Denial of Service via RTP Packet
Title source: llmDescription
main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html
Vendor Advisory x_refsource_confirm
http://downloads.asterisk.org/pub/security/AST-2019-005.html
Scores
CVSS v3
7.5
EPSS
0.2192
EPSS Percentile
97.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (1)
digium/asterisk
13.0.0 - 13.28.0
Published
Sep 09, 2019
Tracked Since
Feb 18, 2026