FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Long Contact URIs in REGISTER requests can crash Asterisk

Affected packages
asterisk13 < 13.8.1

Details

VuXML ID ee50726e-0319-11e6-aa86-001999f8d30b
Discovery 2016-01-19
Entry 2016-04-15

The Asterisk project reports:

Asterisk may crash when processing an incoming REGISTER request if that REGISTER contains a Contact header with a lengthy URI.

This crash will only happen for requests that pass authentication. Unauthenticated REGISTER requests will not result in a crash occurring.

This vulnerability only affects Asterisk when using PJSIP as its SIP stack. The chan_sip module does not have this problem.

References

URL http://downloads.asterisk.org/pub/security/AST-2016-004.html