The Asterisk project reports:
A select set of SIP messages create a dialog in Asterisk.
Those SIP messages must contain a contact header. For
those messages, if the header was not present and using
the PJSIP channel driver, it would cause Asterisk to
crash. The severity of this vulnerability is somewhat
mitigated if authentication is enabled. If authentication
is enabled a user would have to first be authorized before
reaching the crash point.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | asterisk13 | < 13.18.5 | UNKNOWN |