Test ID:	1.3.6.1.4.1.25623.1.0.145419
Category:	Denial of Service
Title:	Asterisk DoS Vulnerability (AST-2021-004)
Summary:	Asterisk is prone to a denial of service vulnerability where an; unsuspecting user could crash Asterisk with multiple hold/unhold requests.
Description:	Summary: Asterisk is prone to a denial of service vulnerability where an unsuspecting user could crash Asterisk with multiple hold/unhold requests. Vulnerability Insight: Due to a signedness comparison mismatch, an authenticated WebRTC client could cause a stack overflow and Asterisk crash by sending multiple hold/unhold requests in quick succession. Affected Software/OS: Asterisk Open Source 16.16.0, 17.9.1, 18.2.0 and 16.8-cert5. Solution: Update to version 16.16.1, 17.9.2, 18.2.1, 16.8-cert6 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-26713 https://downloads.asterisk.org/pub/security/ https://downloads.asterisk.org/pub/security/AST-2021-004.html https://issues.asterisk.org/jira/browse/ASTERISK-29205
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.