CVE-2017-17850
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel...
asterisk -- Crash in PJSIP resource when missing a contact header
The Asterisk project reports: A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and using the PJSIP channel driver, it would cause Asterisk to crash. The severity of this vulnerability is...
Integer overflow
An issue was discovered in Teluu pjproject pjlib and pjlib-util in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow,...
CVE-2017-16875
An issue was discovered in Teluu pjproject pjlib and pjlib-util in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow,...
CVE-2017-16875
An issue was discovered in Teluu pjproject pjlib and pjlib-util in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow,...
CVE-2017-16875
CVE-2017-16875 affects Teluu pjproject (PJLIB/PJLIB-UTIL) in PJSIP prior to 2.7.1. The ioqueue component may perform a double key unregistration after a crafted socket sequence, triggering an integer overflow that can cause ioqueue backends to reject future key registrations. Affected software is...
CVE-2017-16875
Removed by vendor...
CVE-2017-16872
An issue was discovered in Teluu pjproject pjlib and pjlib-util in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message like cseq, ttl, port, etc. all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted bac...
CVE-2017-16872
CVE-2017-16872 affects Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The issue arises when parsing numeric SIP header fields (e.g., CSeq, ttl, port); values can overflow and may be captured incorrectly or cause a buffer overrun if converted back to strings, enabling a potential ex...
CVE-2017-16872
An issue was discovered in Teluu pjproject pjlib and pjlib-util in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message like cseq, ttl, port, etc. all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted bac...
CVE-2017-16872
Removed by vendor...
FreeBSD : asterisk -- Memory/File Descriptor/RTP leak in pjsip session resource (be261737-c535-11e7-8da5-001999f8d30b)
The Asterisk project reports: A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. This then leads to file descriptors and RTP ports being leake...
CVE-2017-16672
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully...
CVE-2017-16672
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully...
Memory corruption
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully...
DEBIAN-CVE-2017-16672
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully...
CVE-2017-16672
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully...
Digium Asterisk Open Source Memory Disclosure Vulnerability
Digium Asterisk Open Source and Certified Asterisk are open source telephone switch (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, and interactive voice response (IVR). A memory leak vulnerability exists in Digium Asterisk Open Source when...
asterisk -- Memory/File Descriptor/RTP leak in pjsip session resource
The Asterisk project reports: A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. This then leads to file descriptors and RTP ports being leaked...
Updated pjproject packages fix security vulnerabilities
Two vulnerabilities were found in the PJSIP/PJProject communication library, which may result in denial of service (CVE-2017-9359, CVE-2017-9372)...