UBUNTU-CVE-2018-1000099

Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2...

CVE-2018-1000099

Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2...

CVE-2018-1000098

Teluu PJSIP (Teluu PJProject) vulnerability CVE-2018-1000098: an Integer Overflow in the pjmedia SDP parser affects version 2.7.1 and earlier, potentially causing a crash when handling a specially crafted message. The issue has been fixed in version 2.7.2. Affected products are PJSIP/PJProject bu...

CVE-2018-1000098

Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2...

CVE-2018-1000099

CVE-2018-1000099 affects Teluu PJSIP up to version 2.7.1, where a null/uninitialized pointer vulnerability in pjmedia SDP parsing can crash a system. Exploitation is tied to processing specially crafted SDP messages; the issue is stated to be fixed in PJSIP 2.7.2. Connected advisories reference D...

CVE-2018-1000098

Removed by vendor...

CVE-2018-1000099

Removed by vendor...

Teluu PJSIP Null/Uninitialized Pointer Vulnerability

Teluu PJSIP is an open source, free multimedia communication library written in C. pjmedia SDP is one of the SDP parsers. A security vulnerability exists in pjmedia SDP parsing in Teluu PJSIP 2.7.1 and earlier versions. An attacker can exploit this vulnerability to cause a denial of service crash...

Teluu PJSIP Integer Overflow Vulnerability

Teluu PJSIP is an open source, free multimedia communication library written in C. pjmedia SDP is one of the SDP parsers. An integer overflow vulnerability exists in pjmedia SDP parsing in Teluu PJSIP 2.7.1 and earlier versions. An attacker can exploit this vulnerability by sending a specially...

Asterisk chan_pjsip 15.2.0 - 'SUBSCRIBE' Stack Corruption

''' SUBSCRIBE message with a large Accept value causes stack corruption - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip - Tested vulnerable versions: 15.2.0, 13.19.0, 14.7.5, 13.11.2 - References: AST-2018-004, CVE-2018-7284 - Advisory UR...

FreeBSD : asterisk and pjsip -- multiple vulnerabilities (f9f5c5a2-17b5-11e8-90b8-001999f8d30b)

The Asterisk project reports : AST-2018-002 - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description. AST-2018-003 - By crafting an SDP...

DEBIAN-CVE-2018-7286

An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. respjsip allows remote authenticated users to crash Asterisk segmentation fault by sending a number of SIP INVITE messages on a TCP or TLS connection and...

asterisk and pjsip -- multiple vulnerabilities

The Asterisk project reports: AST-2018-002 - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description. AST-2018-003 - By crafting an SDP...

CVE-2017-17850

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel...

CVE-2017-17850

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel...

CVE-2017-17850

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel...

Authentication flaw

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel...

UBUNTU-CVE-2017-17850

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel...

FreeBSD : asterisk -- Crash in PJSIP resource when missing a contact header (2a3bc6ac-e7c6-11e7-a90b-001999f8d30b)

The Asterisk project reports : A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and using the PJSIP channel driver, it would cause Asterisk to crash. The severity of this vulnerability is...

CVE-2017-17850

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel...