Asterisk chan_pjsip 15.2.0 - SDP Denial of Service

Asterisk chanpjsip 15.2.0 - SDP Denial of Service ''' Segmentation fault occurs in Asterisk with an invalid SDP media format description - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip - References: AST-2018-002 - Enable Security Advisory...

Asterisk chan_pjsip 15.2.0 - SUBSCRIBE Stack Corruption

Asterisk chanpjsip 15.2.0 - SUBSCRIBE Stack Corruption ''' SUBSCRIBE message with a large Accept value causes stack corruption - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip - Tested vulnerable versions: 15.2.0, 13.19.0, 14.7.5, 13.11.2 ...

Asterisk chan_pjsip 15.2.0 - INVITE Denial of Service

Asterisk chanpjsip 15.2.0 - INVITE Denial of Service ''' Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip installed with --with-pjproject-bundled -...

Asterisk 15.2.0 chan_pjsip SDP Media Format Denial Of Service Exploit

Asterisk running chanpjsip suffers from an SDP message related denial of service vulnerability. Versions affected include 13.10.0, 15.1.3, 15.1.4, 15.1.5, and 15.2.0. Segmentation fault occurs in Asterisk with an invalid SDP media format description - Authors: - Alfred Farrugia - Sandro Gauci -...

Asterisk 15.2.0 chan_pjsip INVITE Denial Of Service Exploit

Asterisk running chanpjsip suffers from an INVITE message denial of service vulnerability. Versions affected include Versions affected include 15.2.0, 15.1.0, 15.0.0, 13.19.0, 13.11.2, and 14.7.5. Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport - Authors: ...

Asterisk 15.2.0 chan_pjsip SUBSCRIBE Stack Corruption Exploit

Asterisk running chanpjsip suffers from a SUBSCRIBE message stack corruption vulnerability. Vulnerable versions include 15.2.0, 13.19.0, 14.7.5, and 13.11.2. SUBSCRIBE message with a large Accept value causes stack corruption - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version...

Asterisk 15.2.0 chan_pjsip SDP fmtp Denial Of Service Exploit

Asterisk version 15.2.0 running chanpjsip suffers from an SDP message related denial of service vulnerability. Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip -...

Asterisk chan_pjsip 15.2.0 - 'SDP' Denial of Service

''' Segmentation fault occurs in Asterisk with an invalid SDP media format description - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip - References: AST-2018-002 - Enable Security Advisory: - Vendor Advisory: - Tested vulnerable versions:...

Asterisk chan_pjsip 15.2.0 - 'SDP fmtp' Denial of Service

''' Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip - References: AST-2018-003 - Enable Security Advisory: - Vendor Advisory: - Timeline: - Issue reported to vendor:...

Asterisk chan_pjsip 15.2.0 - 'INVITE' Denial of Service

''' Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip installed with --with-pjproject-bundled - References: AST-2018-005, CVE-2018-7286 - Enable Securi...

Asterisk 15.2.0 chan_pjsip SDP Media Format Denial Of Service

Segmentation fault occurs in Asterisk with an invalid SDP media format description - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip - References: AST-2018-002 - Enable Security Advisory: - Vendor Advisory: - Tested vulnerable versions:...

Asterisk 15.2.0 chan_pjsip INVITE Denial Of Service

Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip installed with --with-pjproject-bundled - References: AST-2018-005, CVE-2018-7286 - Enable Security...

Asterisk 15.2.0 chan_pjsip SDP fmtp Denial Of Service

Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip - References: AST-2018-003 - Enable Security Advisory: - Vendor Advisory: - Timeline: - Issue reported to vendor:...

Asterisk Denial of Service Vulnerability (CNVD-2017-09858)

Asterisk is an open source software PBX that supports a variety of VoIP protocols and devices. The Asterisk chanpjsip and PJSIP denial of service vulnerabilities allow attackers to exploit this vulnerability by submitting a special request to crash the application or launch a denial of service...

Code injection

An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashe...

CVE-2016-9938

An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chansip channel driver has a liberal definition for whitespace when attempting to strip the content betwe...

FreeBSD : asterisk -- Remote Crash Vulnerability in WebSocket Server (94268da0-8118-11e4-a180-001999f8d30b)

The Asterisk project reports : When handling a WebSocket frame the reshttpwebsocket module dynamically changes the size of the memory used to allow the provided payload to fit. If a payload length of zero was received the code would incorrectly attempt to resize to zero. This operation would...

AST-2014-019: Remote Crash Vulnerability in WebSocket Server

Asterisk Project Security Advisory - AST-2014-019 Product Asterisk Summary Remote Crash Vulnerability in WebSocket Server Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate Exploits Known No Reported On 30 October 2014 Reported By Badalian...

DEBIAN-CVE-2014-8415

Race condition in the chanpjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service assertion failure and crash via a cancel request for a SIP session with a queued action to 1 answer a session or 2 send ringing...