Vulnerabilities > CVE-2021-31878 - Reachable Assertion vulnerability in Digium Asterisk

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

digium

CWE-617

NVD

Published: 2021-07-30

Updated: 2021-08-07

Summary

An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.

Vulnerable Configurations

Part	Description	Count
Application	Digium Digium Asterisk 16.17.0 Digium Asterisk 16.18.0 Digium Asterisk 16.19.0 Digium Asterisk 18.3.0 Digium Asterisk 18.4.0 Digium Asterisk 18.5.0	6

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

References

https://downloads.digium.com/pub/security/AST-2021-007.html
http://seclists.org/fulldisclosure/2021/Jul/48
http://downloads.asterisk.org/pub/security/AST-2021-007.html
http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html
https://issues.asterisk.org/jira/browse/ASTERISK-29381