Due to a signedness comparison mismatch, an authenticated WebRTC client could cause a stack overflow and Asterisk crash by sending multiple hold/unhold requests in quick succession. Reference: https://downloads.asterisk.org/pub/security/AST-2021-004.html
Created asterisk tracking bugs for this issue: Affects: fedora-all [bug 1930889]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Hi, the upstream advisory https://downloads.asterisk.org/pub/security/AST-2021-004.html mentions CVE-2021-26713 as the assigned CVE, which is also in line with https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26713, so I guess CVE-2021-26714 used here is a typo? If so and this assumption is correct, can you adjust the Alias and the Subject for this bugzilla entry? Thanks a lot in advance, Salvatore
Hi Salvatore, I guess upstream updated the AST-2021-004 advisory with CVE-2021-26713. Anyway, the bugzilla is updated now! Thank you!
(In reply to Guilherme de Almeida Suckevicz from comment #4)
> Hi Salvatore, I guess upstream updated the AST-2021-004 advisory with
> CVE-2021-26713.
> Anyway, the bugzilla is updated now!
>
> Thank you!

Thank you!