FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Crash in PJSIP resource when missing a contact header

Affected packages
asterisk13 < 13.18.5

Details

VuXML ID 2a3bc6ac-e7c6-11e7-a90b-001999f8d30b
Discovery 2017-12-12
Entry 2017-12-23

The Asterisk project reports:

A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and using the PJSIP channel driver, it would cause Asterisk to crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled a user would have to first be authorized before reaching the crash point.

[source]

References

CVE Name CVE-2017-17850
URL https://downloads.asterisk.org/pub/security/AST-2017-014.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.