5 matches found
Out-of-bounds
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet...
CVE-2017-9359
CVE-2017-9359 affects the PJProject/PJSIP multi-part body parser used by Asterisk Open Source (13.x prior to 13.15.1; 14.x prior to 14.4.1) and Certified Asterisk (and other products). The vulnerability arises in the body parser handling crafted packets, allowing remote attackers to cause a denia...
Asterisk Multiple DoS Vulnerabilities (May 2017)
Asterisk is prone to multiple denial of service (DoS) vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
FreeBSD : asterisk -- Buffer Overrun in PJSIP transaction layer (0537afa3-3ce0-11e7-bf9d-001999f8d30b)
The Asterisk project reports: A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By...
asterisk -- Buffer Overrun in PJSIP transaction layer
The Asterisk project reports: A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By...