asterisk -- Exploitable Stack Buffer Overflow

2011-01-18T00:00:00
ID 5AB9FB2A-23A5-11E0-A835-0003BA02BF30
Type freebsd
Reporter FreeBSD
Modified 2011-01-18T00:00:00

Description

The Asterisk Development Team reports:

The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.2, 1.8.1.2, and 1.8.2.1 resolve an issue when forming an outgoing SIP request while in pedantic mode, which can cause a stack buffer to be made to overflow if supplied with carefully crafted caller ID information. The issue and resolution are described in the AST-2011-001 security advisory.