Product

Asterisk

Summary

Crash in PJSIP multi-part body parser

Nature of Advisory

Remote Crash

Susceptibility

Remote Unauthenticated Sessions

Severity

Critical

Exploits Known

No

Reported On

13 April, 2017

Reported By

Sandro Gauci

Posted On

Last Updated On

April 13, 2017

Advisory Contact

Mark Michelson <mark DOT michelson AT digium DOT com>

CVE Name

Description

The multi-part body parser in PJSIP contains a logical error that can make certain multi-part body parts attempt to read memory from outside the allowed boundaries. A specially-crafted packet can trigger these invalid reads and potentially induce a crash.

The issue is within the PJSIP project and not in Asterisk. Therefore, the problem can be fixed without upgrading Asterisk. However, we will be releasing a new version of Asterisk where the bundled version of PJSIP has been updated to have the bug patched.

If you are using Asterisk with chan_sip, this issue does not affect you.

Resolution

We have submitted the error report to the PJProject maintainers and have coordinated a release...........

Affected Versions

Product

Release Series

Asterisk Open Source

11.x

Unaffected

Asterisk Open Source

13.x

All versions

Asterisk Open Source

14.x

All versions

Certified Asterisk

13.13

All versions

Corrected In

Product

Release

Asterisk Open Source

13.15.1, 14.4.1

Certified Asterisk

13.13-cert4

Patches

SVN URL

Revision

Links

https://issues.asterisk.org/jira/browse/ASTERISK-26939

Asterisk Project Security Advisories are posted at http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2017-003.pdf and http://downloads.digium.com/pub/security/AST-2017-003.html

Revision History

Date

Editor

Revisions Made

13 April, 2017

Mark Michelson

Initial advisory created