An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.
The product does not release or incorrectly releases a resource before it is made available for re-use.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Asterisk | Digium | 13.0.0 (including) | 13.38.2 (excluding) |
| Asterisk | Digium | 16.0.0 (including) | 16.16.1 (excluding) |
| Asterisk | Digium | 17.0.0 (including) | 17.9.2 (excluding) |
| Asterisk | Digium | 18.0 (including) | 18.2.1 (excluding) |
| Certified_asterisk | Digium | 16.8 (including) | 16.8 (including) |
| Certified_asterisk | Digium | 16.8-cert1-rc1 (including) | 16.8-cert1-rc1 (including) |
| Certified_asterisk | Digium | 16.8-cert1-rc2 (including) | 16.8-cert1-rc2 (including) |
| Certified_asterisk | Digium | 16.8-cert1-rc3 (including) | 16.8-cert1-rc3 (including) |
| Certified_asterisk | Digium | 16.8-cert1-rc4 (including) | 16.8-cert1-rc4 (including) |
| Certified_asterisk | Digium | 16.8-cert2 (including) | 16.8-cert2 (including) |
| Certified_asterisk | Digium | 16.8-cert3 (including) | 16.8-cert3 (including) |
| Certified_asterisk | Digium | 16.8-cert4 (including) | 16.8-cert4 (including) |
| Certified_asterisk | Digium | 16.8-cert4-rc1 (including) | 16.8-cert4-rc1 (including) |
| Certified_asterisk | Digium | 16.8-cert4-rc2 (including) | 16.8-cert4-rc2 (including) |
| Certified_asterisk | Digium | 16.8-cert4-rc3 (including) | 16.8-cert4-rc3 (including) |
| Certified_asterisk | Digium | 16.8-cert4-rc4 (including) | 16.8-cert4-rc4 (including) |
| Certified_asterisk | Digium | 16.8-cert5 (including) | 16.8-cert5 (including) |
| Asterisk | Ubuntu | trusty | * |