FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Remote attacker could prematurely tear down SRTP calls

Affected packages
13.38.1 <= asterisk13 < 13.38.2
16.16.0 <= asterisk16 < 16.16.1
18.2.0 <= asterisk18 < 18.2.1

Details

VuXML ID 5d8ef725-7228-11eb-8386-001999f8d30b
Discovery 2021-02-18
Entry 2021-02-18

The Asterisk project reports:

An unauthenticated remote attacker could replay SRTP packets which could cause an Asterisk instance configured without strict RTP validation to tear down calls prematurely.

References

CVE Name CVE-2021-26712
URL https://downloads.asterisk.org/pub/security/AST-2021-003.html