FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Outbound INVITE loop on challenge with different nonce

Affected packages
asterisk13 < 13.37.1
asterisk16 < 16.14.1
asterisk18 < 18.0.1

Details

VuXML ID 29b7f0be-1fb7-11eb-b9d4-001999f8d30b
Discovery 2020-11-05
Entry 2020-11-05

The Asterisk project reports:

If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.
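A detection sketch for the condition described above, as an added example that is not part of the Asterisk advisory or of this VuXML entry: it counts distinct digest nonces in 401/407 challenges to INVITE per Call-ID and flags calls that exceed a threshold. The threshold, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed threshold: a normal digest exchange is one challenge, or two if a nonce went stale.
MAX_DISTINCT_NONCES = 3

STATUS_RE = re.compile(r"^SIP/2\.0 (401|407)\b")
CALL_ID_RE = re.compile(r"^(?:Call-ID|i)\s*:\s*(\S+)", re.I | re.M)
CSEQ_RE = re.compile(r"^CSeq\s*:\s*\d+\s+(\w+)", re.I | re.M)
NONCE_RE = re.compile(
    r'^(?:WWW|Proxy)-Authenticate\s*:.*?\bnonce\s*=\s*"([^"]*)"', re.I | re.M)


def nonces_per_call(messages):
    """Map Call-ID -> distinct nonces seen in 401/407 responses to INVITE."""
    seen = defaultdict(set)
    for msg in messages:
        if not STATUS_RE.match(msg):
            continue  # only digest challenges are of interest
        call_id, cseq, nonce = (r.search(msg) for r in (CALL_ID_RE, CSEQ_RE, NONCE_RE))
        if call_id and cseq and nonce and cseq.group(1).upper() == "INVITE":
            seen[call_id.group(1)].add(nonce.group(1))
    return seen


def looping_calls(messages, limit=MAX_DISTINCT_NONCES):
    """Call-IDs challenged with more than `limit` different nonces."""
    return sorted(c for c, n in nonces_per_call(messages).items() if len(n) > limit)


def challenge(call_id, cseq, nonce, status="401 Unauthorized", header="WWW-Authenticate"):
    """Build a constructed SIP challenge for the sample data below."""
    return (f"SIP/2.0 {status}\r\nCall-ID: {call_id}\r\nCSeq: {cseq} INVITE\r\n"
            f'{header}: Digest realm="example.invalid", nonce="{nonce}"\r\n\r\n')


# Constructed sample: one ordinary call, one stale-nonce retry, one looping call.
SAMPLE = [challenge("ok@pbx.example.invalid", 1, "a1")]
SAMPLE += [challenge("stale@pbx.example.invalid", i, f"s{i}",
                     "407 Proxy Authentication Required", "Proxy-Authenticate")
           for i in (1, 2)]
SAMPLE += [challenge("loop@pbx.example.invalid", i, f"n{i}") for i in range(1, 7)]

if __name__ == "__main__":
    print(looping_calls(SAMPLE))
```

Feed it SIP responses captured on the trunk side of an unpatched server; a flagged Call-ID identifies the peer whose challenges keep changing.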

References

URL https://downloads.asterisk.org/pub/security/AST-2020-002.html