[asterisk-bugs] [JIRA] (ASTERISK-27640) SUBSCRIBE message with a large Accept value causes stack corruption

Kevin Harwell (JIRA) noreply at issues.asterisk.org
Wed Feb 21 10:52:14 CST 2018


     [ https://issues.asterisk.org/jira/browse/ASTERISK-27640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Harwell updated ASTERISK-27640:
-------------------------------------

    Security:     (was: Reporter, Bug Marshals, and Digium)

> SUBSCRIBE message with a large Accept value causes stack corruption
> -------------------------------------------------------------------
>
>                 Key: ASTERISK-27640
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27640
>             Project: Asterisk
>          Issue Type: Security
>          Components: Channels/chan_pjsip
>    Affects Versions: 15.2.0
>            Reporter: Sandro Gauci
>            Assignee: Unassigned
>            Severity: Blocker
>              Labels: patch, security
>         Attachments: advisory.md, ASTERISK-27640.diff, extensions.conf, pjsip.conf
>
>
> A large SUBSCRIBE message with multiple malformed `Accept` headers will crash Asterisk due to stack corruption. Please see advisory.md for full details and script to reproduce the issue.
> Configuration files are attached too. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list