Asterisk – Remote crash in res_pjsip_session

Advisory IDRSN-SIP-1657

Vulnerability Information

This is a crash within PJSIP whereby under heavy load the INVITE transaction on an INVITE session may not be set when sending a response, resulting in a crash.

Technical Information

Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a “gap” between the creation of the dialog object, and its next use by the thread that created it. Depending upon some off nominal circumstances, and timing it was possible for another thread to free said dialog in this “gap”. Asterisk could then crash when the dialog object, or any of its dependent objects were de-referenced, or accessed next by the initial creation thread.

Note, however that this crash can only occur when using a connection oriented protocol (e.g. TCP, TLS) for the SIP transport. If you are using UDP then your system should not be affected.

As well, the remote client must be authenticated, or Asterisk must be configured for anonymous calling in order for this problem to manifest.


The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit

External Resources

Common Vulnerabilities and Exposures (CVE)