Asterisk Security Team
2017-May-19 21:54 UTC
[asterisk-announce] AST-2017-003: Crash in PJSIP multi-part body parser
Asterisk Project Security Advisory - AST-2017-003 Product Asterisk Summary Crash in PJSIP multi-part body parser Nature of Advisory Remote Crash Susceptibility Remote Unauthenticated Sessions Severity Critical Exploits Known No Reported On 13 April, 2017 Reported By Sandro Gauci Posted On Last Updated On April 13, 2017 Advisory Contact Mark Michelson <mark DOT michelson AT digium DOT com> CVE Name Description The multi-part body parser in PJSIP contains a logical error that can make certain multi-part body parts attempt to read memory from outside the allowed boundaries. A specially-crafted packet can trigger these invalid reads and potentially induce a crash. The issue is within the PJSIP project and not in Asterisk. Therefore, the problem can be fixed without upgrading Asterisk. However, we will be releasing a new version of Asterisk where the bundled version of PJSIP has been updated to have the bug patched. If you are using Asterisk with chan_sip, this issue does not affect you. Resolution We have submitted the error report to the PJProject maintainers and have coordinated a release........... Affected Versions Product Release Series Asterisk Open Source 11.x Unaffected Asterisk Open Source 13.x All versions Asterisk Open Source 14.x All versions Certified Asterisk 13.13 All versions Corrected In Product Release Asterisk Open Source 13.15.1, 14.4.1 Certified Asterisk 13.13-cert4 Patches SVN URL Revision Links https://issues.asterisk.org/jira/browse/ASTERISK-26939 Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2017-003.pdf and http://downloads.digium.com/pub/security/AST-2017-003.html Revision History Date Editor Revisions Made 13 April, 2017 Mark Michelson Initial advisory created Asterisk Project Security Advisory - AST-2017-003 Copyright (c) 2017 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.
Reasonably Related Threads
- AST-2017-002: Buffer Overrun in PJSIP transaction layer
- AST-2017-004: Memory exhaustion on short SCCP packets
- AST-2018-003: Crash with an invalid SDP fmtp attribute
- AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions
- AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions