Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-972FE546-1FB6-11EB-B9D4-001999F8D30B: asterisk -- Remote crash in res_pjsip_session


  • Severity: 4
  • CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
  • Published: 11/05/2020
  • Created: 11/10/2020
  • Added: 11/06/2020
  • Modified: 11/06/2020

Description

The Asterisk project reports:

Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending upon some off nominal circumstances, and timing it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects were de-referenced, or accessed next by the initial creation thread.
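The gap the description refers to, replayed deterministically as an added example (not Asterisk or PJSIP code). `struct dialog` and every function name are hypothetical, only the reference half of "locked or referenced" is modelled, and the second thread's teardown is a plain call placed between creation and next use.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical dialog object; NOT the Asterisk or PJSIP structure. */
struct dialog {
    int refs;        /* holders that still need the object */
    int *freed_flag; /* demo only: set when the object is destroyed */
};

/* Drop one reference and destroy the object when the last holder lets go.
 * Real multi-threaded code would do this atomically or under the lock. */
static void dialog_unref(struct dialog *d)
{
    if (--d->refs == 0) {
        *d->freed_flag = 1;
        free(d);
    }
}

/* Flawed pattern: the only reference belongs to the SIP stack, so the
 * creator holds a borrowed pointer that any teardown can invalidate. */
static struct dialog *dialog_create_borrowed(int *freed_flag)
{
    struct dialog *d = calloc(1, sizeof(*d));
    if (d) { d->refs = 1; d->freed_flag = freed_flag; }
    return d;
}

/* Corrected pattern: take the creator's own reference before returning. */
static struct dialog *dialog_create_referenced(int *freed_flag)
{
    struct dialog *d = dialog_create_borrowed(freed_flag);
    if (d) d->refs++;
    return d;
}

/* Replay: create, teardown in the gap, then the creator's next use.
 * Returns 1 if the object was already freed at that next use, else 0. */
static int freed_before_next_use(int referenced)
{
    int freed = 0;
    struct dialog *d = referenced ? dialog_create_referenced(&freed)
                                  : dialog_create_borrowed(&freed);
    if (!d) return -1;
    dialog_unref(d);      /* "other thread": the stack drops its reference */
    if (freed) return 1;  /* creator would now dereference freed memory */
    dialog_unref(d);      /* creator is done and releases its reference */
    return 0;
}

int main(void)
{
    printf("borrowed: freed=%d, referenced: freed=%d\n",
           freed_before_next_use(0), freed_before_next_use(1));
    return 0;
}
```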

Solution(s)

  • freebsd-upgrade-package-asterisk13
  • freebsd-upgrade-package-asterisk16
  • freebsd-upgrade-package-asterisk18
