Condorlab

Asterisk – Vulnerability Buffer overflow in Digium


Advisory IDRSN-SIP-1611

Vulnerability Information

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

Release Date

2019-06-14 00:00:00

Technical Information

Allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.


Solutions

The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team Condor-Labs.com is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit www.redshiftnetworks.com


External Resources

http://downloads.digium.com/pub/security/AST-2019-002.html
https://issues.asterisk.org/jira/browse/ASTERISK-28447

Common Vulnerabilities and Exposures (CVE)

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12827