[asterisk-bugs] [JIRA] (ASTERISK-23210) Security: Remote crash in res_pjsip.
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Mon Mar 10 15:51:08 CDT 2014
[ https://issues.asterisk.org/jira/browse/ASTERISK-23210?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Jordan updated ASTERISK-23210:
-----------------------------------
Target Release Version/s: 12.1.1
Security: None (was: Reporter, Bug Marshals, and Digium)
> Security: Remote crash in res_pjsip.
> ------------------------------------
>
> Key: ASTERISK-23210
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-23210
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_pjsip
> Affects Versions: 12.0.0
> Reporter: Joshua Colp
> Severity: Critical
> Labels: Security
> Target Release: 12.1.1
>
>
> When sending qualifies to a permanent contact a crash will occur if no local endpoint is found and the remote server sends a 401 to the OPTIONS. This occurs whether authenticate_qualify is set to yes or no.
> This is caused by send_request_cb in res_pjsip.c assuming that out of dialog requests will always have an endpoint associated with them.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list