PJSIP – Bug in the PJSIP library allows generating a Denial of Service in Asterisk.

Advisory IDRSN-SIP-1564

Vulnerability Information


A vulnerability that affects PJSIP allows an attacker through a customized package to trigger a DoS affecting the versions of Asterisk Open Source 13.X, 14.X and Certified Asterisk 13.13.

Release Date

2017-06-02 00:00:00

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. It combines signaling protocol (SIP) with rich multimedia framework and NAT traversal functionality into high level API that is portable and suitable for almost any type of systems ranging from desktops, embedded systems, to mobile handsets.

Technical Information


PJSIP contains a logical error that allows the memory to be read outside the permitted limits. A specially designed package can trigger these invalid readings and potentially induce a DoS. CVE-2017-9359 was assigned for this failure.



The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit

External Resources


Asterisk Project Security Advisory

Common Vulnerabilities and Exposures (CVE)