NULL Pointer Dereference and Crash in res_pjsip_t38.c

NULL Pointer Dereference and Crash in res_pjsip_t38.c

CVE-2019-18976 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.

Learn more about our Web Application Penetration Testing UK.