{"id":"CVE-2021-26906","details":"An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.","modified":"2026-04-10T04:31:23.809882Z","published":"2021-02-18T20:15:12.743Z","references":[{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"},{"type":"ADVISORY","url":"https://downloads.asterisk.org/pub/security/"},{"type":"ADVISORY","url":"https://downloads.asterisk.org/pub/security/AST-2021-005.html"},{"type":"FIX","url":"http://seclists.org/fulldisclosure/2021/Feb/61"},{"type":"FIX","url":"https://issues.asterisk.org/jira/browse/ASTERISK-29196"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/asterisk/asterisk","events":[{"introduced":"85335355efb2d7914a1fe20ed31afcef15fd210c"},{"fixed":"fbaea22493a6061d4bdc87bddc0cb5971e5f71d9"},{"introduced":"a65908f83e2f17a3aca7eb39c8e06045aca02674"},{"fixed":"3cd8afbdf2c6dffe80c631a5336e21bb1827a5cd"},{"introduced":"5ffe12b6ef30cd503f85d75745fd8d9c2cfafe47"},{"fixed":"fdaf2d0689b7a8928a45019c9af14c53bcdfa6e3"},{"introduced":"2c1bba3cbec008c8ce35c78a2c79f9f207ea58bc"},{"fixed":"332130c4389803a3c7e63cabf00daf5ac66a3068"},{"introduced":"0"},{"last_affected":"d436f568583184a13aa46349af5a3f0907087b44"},{"introduced":"0"},{"last_affected":"476bbcf3a3a8439c469ab31677cc87bbfd2fb214"},{"introduced":"0"},{"last_affected":"7b8157645f8c5f8599f160cd3374d2763564b55f"},{"introduced":"0"},{"last_affected":"d1bb76a27d2b8b4e4d32e77e8090997400f1d46d"},{"introduced":"0"},{"last_affected":"3d317239d5e94f07d387b31c46a6733cbc43e5ef"},{"introduced":"0"},{"last_affected":"bbaf9042cff308827c91e8235179b7ba27b48a33"},{"introduced":"0"},{"last_affected":"4d7a90d4e2c408af10dce738d6fc5ca491fcc83e"},{"introduced":"0"},{"last_affected":"21635f1e4075f13c8aabc6d9abdf183df416156b"},{"introduced":"0"},{"last_affected":"aabb04054a92d531c2ed82832e6d155a297253d1"},{"introduced":"0"},{"last_affected":"017416381fdcb5d222de2c2f39b17672506b061b"},{"introduced":"0"},{"last_affected":"cb9f1759fb996c99d5391135dd97db6f1e2d3387"},{"introduced":"0"},{"last_affected":"f777a0d87982e4f780099257e8157ec5341fb488"},{"introduced":"0"},{"last_affected":"10b274d1aba4fc2cf2a8cabcb66eb2a049e2250f"}],"database_specific":{"versions":[{"introduced":"13.0.0"},{"fixed":"13.38.2"},{"introduced":"16.0.0"},{"fixed":"16.16.1"},{"introduced":"17.0.0"},{"fixed":"17.9.2"},{"introduced":"18.0"},{"fixed":"18.2.1"},{"introduced":"0"},{"last_affected":"16.8-NA"},{"introduced":"0"},{"last_affected":"16.8-cert1\\-rc1"},{"introduced":"0"},{"last_affected":"16.8-cert1\\-rc2"},{"introduced":"0"},{"last_affected":"16.8-cert1\\-rc3"},{"introduced":"0"},{"last_affected":"16.8-cert1\\-rc4"},{"introduced":"0"},{"last_affected":"16.8-cert2"},{"introduced":"0"},{"last_affected":"16.8-cert3"},{"introduced":"0"},{"last_affected":"16.8-cert4"},{"introduced":"0"},{"last_affected":"16.8-cert4\\-rc1"},{"introduced":"0"},{"last_affected":"16.8-cert4\\-rc2"},{"introduced":"0"},{"last_affected":"16.8-cert4\\-rc3"},{"introduced":"0"},{"last_affected":"16.8-cert4\\-rc4"},{"introduced":"0"},{"last_affected":"16.8-cert5"}]}}],"versions":["13.38.0","13.38.0-rc1","13.38.1","16.16.0","16.16.0-rc1","16.8.0","16.8.0-rc1","16.8.0-rc2","17.9.0","17.9.0-rc1","17.9.1","18.2.0","18.2.0-rc1","certified/16.8-cert1","certified/16.8-cert1-rc1","certified/16.8-cert1-rc2","certified/16.8-cert1-rc3","certified/16.8-cert1-rc4","certified/16.8-cert1-rc5","certified/16.8-cert2","certified/16.8-cert3","certified/16.8-cert4","certified/16.8-cert4-rc1","certified/16.8-cert4-rc2","certified/16.8-cert4-rc3","certified/16.8-cert4-rc4","certified/16.8-cert5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26906.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}