vulnerability
FreeBSD: VID-0537AFA3-3CE0-11E7-BF9D-001999F8D30B: asterisk -- Buffer Overrun in PJSIP transaction layer
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Apr 12, 2017 | May 20, 2017 | Feb 19, 2025 |
Description
The Asterisk project reports:
A remote crash can be triggered by sending a SIP packet
to Asterisk with a specially crafted CSeq header and a
Via header with no branch parameter. The issue is that
the PJSIP RFC 2543 transaction key generation algorithm
does not allocate a large enough buffer. By overrunning
the buffer, the memory allocation table becomes corrupted,
leading to an eventual crash.
The multi-part body parser in PJSIP contains a logical
error that can make certain multi-part body parts attempt
to read memory from outside the allowed boundaries. A
specially-crafted packet can trigger these invalid reads
and potentially induce a crash.
This issues is in PJSIP, and so the issue can be fixed
without performing an upgrade of Asterisk at all. However,
we are releasing a new version of Asterisk with the bundled
PJProject updated to include the fix.
If you are running Asterisk with chan_sip, this issue
does not affect you.
Solution(s)
References
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.