CVE-2019-7251

MEDIUM

Digium Asterisk <16.1.1 - Remote Crash

Title source: llm
STIX 2.1

Description

An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.

References (2)

Core 2
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://issues.asterisk.org/jira/browse/ASTERISK-28260
Patch, Vendor Advisory x_refsource_confirm
https://downloads.asterisk.org/pub/security/AST-2019-001.html

Scores

CVSS v3 6.5
EPSS 0.0381
EPSS Percentile 88.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-190
Status published
Products (1)
digium/asterisk 15.0.0 - 15.7.2
Published Mar 28, 2019
Tracked Since Feb 18, 2026