An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.
Weakness
The product does not release or incorrectly releases a resource before it is made available for re-use.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Asterisk | Digium | 13.0.0 (including) | 13.38.2 (excluding) |
| Asterisk | Digium | 16.0.0 (including) | 16.16.1 (excluding) |
| Asterisk | Digium | 17.0.0 (including) | 17.9.2 (excluding) |
| Asterisk | Digium | 18.0 (including) | 18.2.1 (excluding) |
| Certified_asterisk | Digium | 16.8 (including) | 16.8 (including) |
| Certified_asterisk | Digium | 16.8-cert1-rc1 (including) | 16.8-cert1-rc1 (including) |
| Certified_asterisk | Digium | 16.8-cert1-rc2 (including) | 16.8-cert1-rc2 (including) |
| Certified_asterisk | Digium | 16.8-cert1-rc3 (including) | 16.8-cert1-rc3 (including) |
| Certified_asterisk | Digium | 16.8-cert1-rc4 (including) | 16.8-cert1-rc4 (including) |
| Certified_asterisk | Digium | 16.8-cert2 (including) | 16.8-cert2 (including) |
| Certified_asterisk | Digium | 16.8-cert3 (including) | 16.8-cert3 (including) |
| Certified_asterisk | Digium | 16.8-cert4 (including) | 16.8-cert4 (including) |
| Certified_asterisk | Digium | 16.8-cert4-rc1 (including) | 16.8-cert4-rc1 (including) |
| Certified_asterisk | Digium | 16.8-cert4-rc2 (including) | 16.8-cert4-rc2 (including) |
| Certified_asterisk | Digium | 16.8-cert4-rc3 (including) | 16.8-cert4-rc3 (including) |
| Certified_asterisk | Digium | 16.8-cert4-rc4 (including) | 16.8-cert4-rc4 (including) |
| Certified_asterisk | Digium | 16.8-cert5 (including) | 16.8-cert5 (including) |
| Asterisk | Ubuntu | trusty | * |
Potential Mitigations
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/125.html
- https://cwe.mitre.org/data/definitions/130.html
- https://cwe.mitre.org/data/definitions/131.html
- https://cwe.mitre.org/data/definitions/494.html
- https://cwe.mitre.org/data/definitions/495.html
- https://cwe.mitre.org/data/definitions/496.html
- https://cwe.mitre.org/data/definitions/666.html
References
- http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html
- http://seclists.org/fulldisclosure/2021/Feb/61
- https://downloads.asterisk.org/pub/security/
- https://downloads.asterisk.org/pub/security/AST-2021-005.html
- https://issues.asterisk.org/jira/browse/ASTERISK-29196
- http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html
- http://seclists.org/fulldisclosure/2021/Feb/61
- https://downloads.asterisk.org/pub/security/
- https://downloads.asterisk.org/pub/security/AST-2021-005.html
- https://issues.asterisk.org/jira/browse/ASTERISK-29196