var-201911-1367
Vulnerability from variot
An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. This vulnerability CVE-CVE-2019-18940 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more. The vulnerability originates from improper design or implementation during code development of a network system or product. An attacker could use this vulnerability to execute malicious code. Asterisk Project Security Advisory -
Product Asterisk
Summary Re-invite with T.38 and malformed SDP causes crash.
Nature of Advisory Remote Crash
Susceptibility Remote Authenticated Sessions
Severity Minor
Exploits Known No
Reported On November 07, 2019
Reported By Salah Ahmed
Posted On November 21, 2019
Last Updated On November 21, 2019
Advisory Contact bford AT sangoma DOT com
CVE Name CVE-2019-18976
Description If Asterisk receives a re-invite initiating T.38
faxing and has a port of 0 and no c line in the SDP, a
crash will occur.
Modules Affected res_pjsip_t38.c
Resolution If T.38 faxing is not needed, then the “t38_udptl”
configuration option in pjsip.conf can be set to “no” to
disable the functionality. This option automatically
defaults to “no” and would have to be manually turned on to
experience this crash.
If T.38 faxing is needed, then Asterisk should be upgraded
to a fixed version.
Affected Versions
Product Release
Series
Asterisk Open Source 13.x All versions
Certified Asterisk 13.21 All versions
Corrected In
Product Release
Asterisk Open Source 13.29.2
Certified Asterisk 13.21-cert5
Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2019-008-13.diff Asterisk 13
http://downloads.asterisk.org/pub/security/AST-2019-008-13.21.diff Certified
Asterisk
13.21-cert5
Links https://issues.asterisk.org/jira/browse/ASTERISK-28612
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at http://downloads.digium.com/pub/security/.pdf
and http://downloads.digium.com/pub/security/.html
Revision History
Date Editor Revisions Made
November 12, 2019 Ben Ford Initial Revision
November 21, 2019 Ben Ford Added “Posted On” date
Asterisk Project Security Advisory -
Copyright © 2019 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1367",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "digium",
"version": "13.21"
},
{
"model": "asterisk",
"scope": "gte",
"trust": 1.0,
"vendor": "digium",
"version": "13.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 1.0,
"vendor": "digium",
"version": "13.29.1"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.8,
"vendor": "digium",
"version": "13.x"
},
{
"model": "certified asterisk",
"scope": "lte",
"trust": 0.8,
"vendor": "digium",
"version": "13.21-x"
},
{
"model": "asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=13.*"
},
{
"model": "certified asterisk",
"scope": "lte",
"trust": 0.6,
"vendor": "sangoma",
"version": "\u003c=13.21-*"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:digium:asterisk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:digium:certified_asterisk",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bford",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
],
"trust": 0.6
},
"cve": "CVE-2019-18976",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-18976",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-01312",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18976",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-18976",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18976",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-18976",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-01312",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1292",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. This vulnerability CVE-CVE-2019-18940 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more. The vulnerability originates from improper design or implementation during code development of a network system or product. An attacker could use this vulnerability to execute malicious code. Asterisk Project Security Advisory -\n\n Product Asterisk \n Summary Re-invite with T.38 and malformed SDP causes crash. \n Nature of Advisory Remote Crash \n Susceptibility Remote Authenticated Sessions \n Severity Minor \n Exploits Known No \n Reported On November 07, 2019 \n Reported By Salah Ahmed \n Posted On November 21, 2019 \n Last Updated On November 21, 2019 \n Advisory Contact bford AT sangoma DOT com \n CVE Name CVE-2019-18976 \n\n Description If Asterisk receives a re-invite initiating T.38 \n faxing and has a port of 0 and no c line in the SDP, a \n crash will occur. \n Modules Affected res_pjsip_t38.c \n\n Resolution If T.38 faxing is not needed, then the \u201ct38_udptl\u201d \n configuration option in pjsip.conf can be set to \u201cno\u201d to \n disable the functionality. This option automatically \n defaults to \u201cno\u201d and would have to be manually turned on to \n experience this crash. \n \n If T.38 faxing is needed, then Asterisk should be upgraded \n to a fixed version. \n\n Affected Versions \n Product Release \n Series \n Asterisk Open Source 13.x All versions \n Certified Asterisk 13.21 All versions \n\n Corrected In \n Product Release \n Asterisk Open Source 13.29.2 \n Certified Asterisk 13.21-cert5 \n\n Patches \n SVN URL Revision \n http://downloads.asterisk.org/pub/security/AST-2019-008-13.diff Asterisk 13 \n http://downloads.asterisk.org/pub/security/AST-2019-008-13.21.diff Certified \n Asterisk \n 13.21-cert5 \n\n Links https://issues.asterisk.org/jira/browse/ASTERISK-28612 \n\n Asterisk Project Security Advisories are posted at \n http://www.asterisk.org/security \n \n This document may be superseded by later versions; if so, the latest \n version will be posted at http://downloads.digium.com/pub/security/.pdf \n and http://downloads.digium.com/pub/security/.html \n\n Revision History\n Date Editor Revisions Made \n November 12, 2019 Ben Ford Initial Revision \n November 21, 2019 Ben Ford Added \u201cPosted On\u201d date \n\n Asterisk Project Security Advisory -\n Copyright \u00a9 2019 Digium, Inc. All Rights Reserved. \n Permission is hereby granted to distribute and publish this advisory in its\n original, unaltered form",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18976"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "PACKETSTORM",
"id": "155436"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18976",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "155436",
"trust": 1.7
},
{
"db": "CS-HELP",
"id": "SB2019112218",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-01312",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4421",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "PACKETSTORM",
"id": "155436"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"id": "VAR-201911-1367",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
}
],
"trust": 0.948297215
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
}
]
},
"last_update_date": "2024-11-23T21:52:07.503000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AST-2019-008",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
},
{
"title": "Security Advisories",
"trust": 0.8,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"title": "Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Code Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/196675"
},
{
"title": "Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104688"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://seclists.org/fulldisclosure/2019/nov/20"
},
{
"trust": 2.2,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
},
{
"trust": 2.2,
"url": "https://packetstormsecurity.com/files/155436/asterisk-project-security-advisory-ast-2019-008.html"
},
{
"trust": 1.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2019112218?affchecked=1"
},
{
"trust": 1.6,
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18976"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18976"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
},
{
"trust": 0.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/asterisk-denial-of-service-via-t-38-sdp-re-invite-30937"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4421/"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008-13.diff"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/jira/browse/asterisk-28612"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/.pdf"
},
{
"trust": 0.1,
"url": "http://www.asterisk.org/security"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/.html"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2019-008-13.21.diff"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "PACKETSTORM",
"id": "155436"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"db": "PACKETSTORM",
"id": "155436"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
},
{
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"date": "2019-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"date": "2019-11-21T23:55:55",
"db": "PACKETSTORM",
"id": "155436"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1292"
},
{
"date": "2019-11-22T17:15:11.833000",
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-01312"
},
{
"date": "2019-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012748"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1292"
},
{
"date": "2024-11-21T04:33:55.320000",
"db": "NVD",
"id": "CVE-2019-18976"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sangoma Asterisk and Certified Asterisk In NULL Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012748"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1292"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.