Condorlab

Asterisk – Remote crash in res_pjsip_diversion – 181 responses


Advisory IDRSN-SIP-1659



Vulnerability Information

A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.


Technical Information

If a registered user is tricked into dialing a malicious number that sends lots of 181 responses to Asterisk, each one will cause a 181 to be sent back to the original caller with an increasing number of entries in the “Supported” header. Eventually, the number of entries in the header exceeds the size of the entry array and causes a crash.


Solutions

The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team Condor-Labs.com is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit www.redshiftnetworks.com


External Resources

https://seclists.org/fulldisclosure/2021/Feb/57

https://issues.asterisk.org/jira/browse/ASTERISK-29227

Common Vulnerabilities and Exposures (CVE)

https://nvd.nist.gov/vuln/detail/CVE-2020-35776