FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Remote Crash Vulnerability in audio transcoding

Affected packages
asterisk13 < 13.28.1
asterisk16 < 16.5.1

Details

VuXML ID 7d53d8da-d07a-11e9-8f1a-001999f8d30b
Discovery 2019-08-07
Entry 2019-09-06

The Asterisk project reports:

When audio frames are given to the audio transcoding support in Asterisk the number of samples are examined and as part of this a message is output to indicate that no samples are present. A change was done to suppress this message for a particular scenario in which the message was not relevant. This change assumed that information about the origin of a frame will always exist when in reality it may not.

This issue presented itself when an RTP packet containing no audio (and thus no samples) was received. In a particular transcoding scenario this audio frame would get turned into a frame with no origin information. If this new frame was then given to the audio transcoding support a crash would occur as no samples and no origin information would be present. The transcoding scenario requires the genericplc option to be set to enabled (the default) and a transcoding path from the source format into signed linear and then from signed linear into another format.

Note that there may be other scenarios that have not been found which can cause an audio frame with no origin to be given to the audio transcoding support and thus cause a crash.

References

CVE Name CVE-2019-15639
URL https://downloads.asterisk.org/pub/security/AST-2019-005.html