FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Remote Crash Vulnerability in PJSIP channel driver

Affected packages
16.17.0 <= asterisk16 < 16.19.1
18.3.0 <= asterisk18 < 18.5.1

Details

VuXML ID ffa364e1-ebf5-11eb-aef1-0897988a1c07
Discovery 2021-04-06
Entry 2021-07-23

The Asterisk project reports:

When Asterisk receives a re-INVITE without SDP after having sent a BYE request a crash will occur. This occurs due to the Asterisk channel no longer being present while code assumes it is.

References

CVE Name CVE-2021-31878
URL https://downloads.asterisk.org/pub/security/AST-2021-007.html