CVE-2019-7251 : An Integer Signedness issue (for a return code) in the res_pjsip_sdp

An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.

Published 2019-03-28 17:29:02

Updated 2019-04-01 18:14:50

Source MITRE

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2019-7251

Digium » Asterisk
Versions from including (>=) 15.0.0 and before (<) 15.7.2
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Matching versions
Digium » Asterisk
Versions from including (>=) 16.0.0 and before (<) 16.2.1
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2019-7251

Top countries where our scanners detected CVE-2019-7251

Top open port discovered on systems with this issue 80

IPs affected by CVE-2019-7251 1,820

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2019-7251!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2019-7251

EPSS FAQ

4.64%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 88 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-7251

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2019-7251

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-7251

https://downloads.asterisk.org/pub/security/AST-2019-001.html

AST-2019-001
Patch;Vendor Advisory
https://issues.asterisk.org/jira/browse/ASTERISK-28260

[ASTERISK-28260] Asterisk segfault when rtp negotiation is wrong or fails - Digium/Asterisk JIRA
Issue Tracking;Vendor Advisory