Note:
This project will be discontinued after December 13, 2021. [more]
2019-09-09
main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.
| Products | Asterisk |
| Type | Improper Input Validation (CWE-20) |
| First patch | - None (likely due to unavailable code) |
| Links |
• http://downloads.asterisk.org/pub/security/AST-2019-005.html
• http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html |