CVE-2021-32558
HIGHAsterisk DoS via IAX2 Unsupported Media Format Packet
Title source: llmDescription
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.
References (6)
Core 6
Core References
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/Jul/49
Patch, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html
Patch, Vendor Advisory x_refsource_misc
https://downloads.asterisk.org/pub/security/AST-2021-008.html
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://issues.asterisk.org/jira/browse/ASTERISK-29392
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2021/dsa-4999
Scores
CVSS v3
7.5
EPSS
0.0911
EPSS Percentile
94.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-74
Status
published
Products (4)
debian/debian_linux
9.0
debian/debian_linux
11.0
digium/asterisk
13.0.0 - 13.38.3
digium/certified_asterisk
16.8 (17 CPE variants)
Published
Jul 30, 2021
Tracked Since
Feb 18, 2026