FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Buffer overflow in pjproject header parsing can cause crash in Asterisk

Affected packages
asterisk13 < 13.18.1
pjsip < 2.7.1
pjsip-extsrtp < 2.7.1

Details

VuXML ID 19b052c9-c533-11e7-8da5-001999f8d30b
Discovery 2017-10-05
Entry 2017-11-09
Modified 2017-11-15

The Asterisk project reports:

By carefully crafting invalid values in the Cseq and the Via header port, pjprojects packet parsing code can create strings larger than the buffer allocated to hold them. This will usually cause Asterisk to crash immediately. The packets do not have to be authenticated.

[source]

References

URL https://downloads.asterisk.org/pub/security/AST-2017-009.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.