Asterisk -- multiple vulnerabilities

The Asterisk project reports: AST-2022-001 - When using STIR/SHAKEN, its possible to download files that are not certificates. These files could be much larger than what you would expect to download. AST-2022-002 - When using STIR/SHAKEN, its possible to send arbitrary requests like GET to...

FreeBSD : asterisk -- pjproject/pjsip: crash when SSL socket destroyed during handshake (53fbffe6-ebf7-11eb-aef1-0897988a1c07)

The Asterisk project reports : Depending on the timing, it's possible for Asterisk to crash when using a TLS connection if the underlying socket parent/listener gets destroyed during the handshake. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...

asterisk -- Remote crash in res_pjsip_diversion

The Asterisk project reports: AST-2020-003: A crash can occur in Asterisk when a SIP message is received that has a History-Info header, which contains a tel-uri. AST-2020-004: A crash can occur in Asterisk when a SIP 181 response is received that has a Diversion header, which contains a tel-uri...

asterisk -- Outbound INVITE loop on challenge with different nonce

The Asterisk project reports: If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate even if the call is hung up,...

asterisk and pjsip -- multiple vulnerabilities

The Asterisk project reports: AST-2018-002 - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description. AST-2018-003 - By crafting an SDP...

AST-2014-014: High call load may result in hung channels in ConfBridge.

Asterisk Project Security Advisory - AST-2014-014 Product Asterisk Summary High call load may result in hung channels in ConfBridge. Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate Exploits Known No Reported On 19 October, 2014 Reported By Ben...

AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.

Asterisk Project Security Advisory - AST-2014-001 Product Asterisk Summary Stack Overflow in HTTP Processing of Cookie Headers. Nature of Advisory Denial Of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate Exploits Known No Reported On February 21, 2014 Reported By Lucas...

AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability

Asterisk Project Security Advisory - AST-2012-008 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Reported On May 22, 2012 Reported By Christoph Hebeisen...

AST-2012-007: Remote crash vulnerability in IAX2 channel driver.

Asterisk Project Security Advisory - AST-2012-007 Product Asterisk Summary Remote crash vulnerability in IAX2 channel driver. Nature of Advisory Remote crash Susceptibility Established calls Severity Moderate Exploits Known No Reported On March 21, 2012 Reported By mgrobecker Posted On May 29, 20...

asterisk -- multiple vulnerabilities

Asterisk project reports: Stack Buffer Overflow in HTTP Manager Remote Crash Vulnerability in Milliwatt Application...