How severe is CVE-2021-46837?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2021-46837?

This is classified as CWE-476, which is a common weakness in software security.

CVE-2021-46837 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.

Related Vulnerabilities

CVE-2011-1802

MEDIUM

CVSS:6.5(Medium)

WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption).

CWE-4762011

CVE-2011-2691

MEDIUM

CVSS:6.5(Medium)

The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empt...

CWE-4762011

CVE-2015-8272

MEDIUM

CVSS:6.5(Medium)

RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).

CWE-4762015

CVE-2015-8750

MEDIUM

CVSS:6.5(Medium)

libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file.

CWE-4762015

CVE-2015-8916

MEDIUM

CVSS:6.5(Medium)

bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NUL...

CWE-4762015

CVE-2016-10505

MEDIUM

CVSS:6.5(Medium)

NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in ...

CWE-4762016