Asterisk – Vulnerability allows a remote authenticated user to crash the target service.

Advisory ID: RSN-SIP-1598


Vulnerability Information


An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.

Release Date

2018-02-25 00:00:00


Technical Information


A crash occurs when a number of authenticated INVITE messages are sent over TCP or TLS and then the connection is suddenly closed. This issue leads to a segmentation fault. CVE-2018-7286 was assigned for this bug; refer to it for more information on the affected versions.
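To check whether a deployed server falls inside the affected ranges listed under Vulnerability Information, the following added example (not part of the original advisory or of the Asterisk project) parses a version string and compares it against those ranges. The function names and the sample version strings used to exercise it are assumptions made for illustration; the check looks at the version only and does not test whether res_pjsip is loaded.

```python
import re

# Affected ranges exactly as the advisory states them (inclusive upper bounds).
THROUGH_13 = (13, 19, 1)                         # "Asterisk through 13.19.1"
AFFECTED_MAX = {14: (14, 7, 5), 15: (15, 2, 1)}  # 14.x and 15.x branches
CERT_MAX = ((13, 18), 2)                         # Certified "through 13.18-cert2"

# Matches "13.19.1", "15.2" and certified builds such as "13.18-cert2".
_VERSION = re.compile(
    r"(?:certified/)?(\d+)\.(\d+)(?:\.(\d+))?(?:-cert(\d+))?", re.IGNORECASE)


def parse_version(text):
    """Return (kind, numbers, cert) for a version string, or None if unparseable.

    kind is "certified" when a -certN suffix is present, otherwise "standard".
    """
    m = _VERSION.search(text)
    if not m:
        return None
    major, minor = int(m.group(1)), int(m.group(2))
    if m.group(4) is not None:
        return ("certified", (major, minor), int(m.group(4)))
    return ("standard", (major, minor, int(m.group(3) or 0)), None)


def is_affected(text):
    """True or False per the advisory's ranges; None when the version is unknown."""
    parsed = parse_version(text)
    if parsed is None:
        return None  # unknown build: needs manual review
    kind, nums, cert = parsed
    if kind == "certified":
        return (nums, cert) <= CERT_MAX
    if nums <= THROUGH_13:
        return True
    limit = AFFECTED_MAX.get(nums[0])
    return limit is not None and nums <= limit


if __name__ == "__main__":
    # Constructed sample strings, not output captured from a real system.
    for sample in ("Asterisk 13.19.1", "Asterisk 14.7.6",
                   "Asterisk certified/13.18-cert2", "Asterisk 15.2.1"):
        print(sample, "->", is_affected(sample))
```

A result of None means the string could not be parsed and the build should be checked by hand against the vendor advisory.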




The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VoIP networks, endpoints and applications. Its research team is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit

External Resources


Asterisk Project Security Advisory

Common Vulnerabilities and Exposures (CVE)