Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-972FE546-1FB6-11EB-B9D4-001999F8D30B: asterisk -- Remote crash in res_pjsip_session

Back to Search

FreeBSD: VID-972FE546-1FB6-11EB-B9D4-001999F8D30B: asterisk -- Remote crash in res_pjsip_session

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
11/05/2020
Created
11/10/2020
Added
11/06/2020
Modified
11/06/2020

Description

The Asterisk project reports:

Upon receiving a new SIP Invite, Asterisk did not

return the created dialog locked or referenced. This

caused a gap between the creation of the dialog object,

and its next use by the thread that created it. Depending

upon some off nominal circumstances, and timing it was

possible for another thread to free said dialog in this

gap. Asterisk could then crash when the dialog object,

or any of its dependent objects were de-referenced, or

accessed next by the initial creation thread.

Solution(s)

  • freebsd-upgrade-package-asterisk13
  • freebsd-upgrade-package-asterisk16
  • freebsd-upgrade-package-asterisk18

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;