Condorlab

Asterisk – BuffOverflow – DoS


Advisory ID: RSN-SIP-1564


Vulnerability Information
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
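
To triage an inventory against the version ranges stated above, the following added example (not part of the original advisory or any vendor tooling) classifies Asterisk version strings. It assumes strings in the form printed by `asterisk -V`, with certified builds written as `certified/13.13-cert3`; the sample inventory is constructed.

```python
import re

# First fixed releases, taken from the advisory text above.
FIXED_OPEN_SOURCE = {13: (13, 15, 1), 14: (14, 4, 1)}
FIXED_CERTIFIED = {(13, 13): 4}  # Certified Asterisk 13.13-cert4

_OPEN = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")
_CERT = re.compile(r"^(?:certified/)?(\d+)\.(\d+)-cert(\d+)$")


def classify(version_string):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown'.

    'not-listed' means the advisory names no range for that branch; it is
    not a statement that the build is safe. Release candidates and other
    suffixed builds return 'unknown' and need manual review.
    """
    v = version_string.strip()
    if v.lower().startswith("asterisk "):
        v = v[len("asterisk "):].strip()

    m = _CERT.match(v)
    if m:
        fixed = FIXED_CERTIFIED.get((int(m[1]), int(m[2])))
        if fixed is None:
            return "not-listed"
        return "affected" if int(m[3]) < fixed else "fixed"

    m = _OPEN.match(v)
    if m:
        ver = (int(m[1]), int(m[2]), int(m[3] or 0))
        fixed = FIXED_OPEN_SOURCE.get(ver[0])
        if fixed is None:
            return "not-listed"
        return "affected" if ver < fixed else "fixed"

    return "unknown"


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names).
    inventory = {
        "pbx-a": "Asterisk 13.15.0",
        "pbx-b": "Asterisk 14.4.1",
        "pbx-c": "Asterisk certified/13.13-cert3",
    }
    for host, ver in inventory.items():
        print(f"{host}: {ver} -> {classify(ver)}")
```

The check covers only the Asterisk ranges named in the advisory; the "other products" that embed PJSIP have to be assessed separately.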


Release Date
2017-06-02 00:00:00


Solutions
RedShift Networks UCTM solution provides the industry’s first complete security solution developed for securing VoIP networks, endpoints and applications. Its dedicated CONDOR labs research team constantly scouts for new attack patterns and advanced penetration testing methods, identifies vulnerabilities, and rolls out new signatures to subscribed customers on a continual basis. For more information, visit www.redshiftnetworks.com


External Resources
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9359