An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. External Reference: https://security-tracker.debian.org/tracker/CVE-2019-13161
Created asterisk tracking bugs for this issue: Affects: fedora-all [bug 1737025]