Asterisk – Bug in chan_sip allows a DoS to be triggered in Asterisk products

Advisory ID: RSN-SIP-1555

Vulnerability Information


A vulnerability in chan_sip allows a denial of service to be triggered in Asterisk Open Source 11.X, 13.X and Certified Asterisk 11.6, 13.8.

Release Date

2017-04-17 00:00:00


Asterisk is an open source framework for the creation of communications applications. Asterisk turns a normal computer into a communications server. Asterisk works with IP PBX systems, VoIP gateways, call centers, conference servers and other customized solutions.

Technical Information


This vulnerability, identified as CVE-2016-7551, allows a custom sequence of SIP requests, or manipulation of the marking function in chan_sip, to exhaust the resources of a port. The cause is that chan_sip does not correctly release old memory fields, which results in a DoS.
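
The leak pattern described above, shown as a toy model next to its corrected form. This is an added illustration, not code from Asterisk or from the advisory; the pool size and every struct and function name are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 8                      /* constructed: tiny pool so exhaustion is quick */
struct port_pool { unsigned char in_use[POOL_SIZE]; };
struct dialog { int port; };             /* hypothetical session state; -1 = no slot held */

/* Reserve the first free slot; returns its index, or -1 when the pool is exhausted. */
static int pool_acquire(struct port_pool *p) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (!p->in_use[i]) { p->in_use[i] = 1; return i; }
    return -1;
}

static void pool_release(struct port_pool *p, int port) {
    if (port >= 0 && port < POOL_SIZE) p->in_use[port] = 0;
}

/* Flawed handler: a repeated request overwrites d->port, so the old slot is never freed. */
static int renegotiate_leaky(struct port_pool *p, struct dialog *d) {
    d->port = pool_acquire(p);
    return d->port;
}

/* Corrected handler: release the old slot before allocating the new one. */
static int renegotiate_fixed(struct port_pool *p, struct dialog *d) {
    pool_release(p, d->port);
    d->port = pool_acquire(p);
    return d->port;
}

/* Send n repeated requests on ONE dialog; return the slots left for everyone else. */
int free_after(int n, int fixed) {
    struct port_pool p;
    struct dialog d = { -1 };
    int free_slots = 0;
    memset(&p, 0, sizeof p);
    for (int i = 0; i < n; i++) {
        if (fixed) renegotiate_fixed(&p, &d);
        else renegotiate_leaky(&p, &d);
    }
    for (int i = 0; i < POOL_SIZE; i++) free_slots += !p.in_use[i];
    return free_slots;
}

int main(void) {
    printf("leaky: %d free, fixed: %d free\n", free_after(20, 0), free_after(20, 1));
    return 0;
}
```

With the flawed handler a single dialog drains the whole pool; with the corrected one it never holds more than one slot, which is why the number of allocated ports per session is a useful health metric to monitor.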




The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VoIP networks, endpoints and applications. Its research team is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for its subscribed clients. For more information visit

External Resources


Asterisk Project Security Advisory

Common Vulnerabilities and Exposures (CVE)