An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Asterisk | Digium | * | 13.38.0 (excluding) |
| Asterisk | Digium | 14.0 (including) | 16.15.0 (excluding) |
| Asterisk | Digium | 17.0 (including) | 17.9.0 (excluding) |
| Asterisk | Digium | 18.0 (including) | 18.1.0 (excluding) |
| Asterisk | Ubuntu | bionic | * |
| Asterisk | Ubuntu | focal | * |
| Asterisk | Ubuntu | groovy | * |
| Asterisk | Ubuntu | hirsute | * |
| Asterisk | Ubuntu | impish | * |
| Asterisk | Ubuntu | kinetic | * |
| Asterisk | Ubuntu | lunar | * |
| Asterisk | Ubuntu | mantic | * |
| Asterisk | Ubuntu | oracular | * |
| Asterisk | Ubuntu | plucky | * |
| Asterisk | Ubuntu | trusty | * |
| Asterisk | Ubuntu | xenial | * |
References
- https://downloads.asterisk.org/pub/security/AST-2020-003.html
- https://downloads.asterisk.org/pub/security/AST-2020-004.html
- https://issues.asterisk.org/jira/browse/ASTERISK-29191
- https://issues.asterisk.org/jira/browse/ASTERISK-29219
- https://downloads.asterisk.org/pub/security/AST-2020-003.html
- https://downloads.asterisk.org/pub/security/AST-2020-004.html
- https://issues.asterisk.org/jira/browse/ASTERISK-29191
- https://issues.asterisk.org/jira/browse/ASTERISK-29219