[asterisk-bugs] [JIRA] (ASTERISK-28916) Memory leak with Asterisk 16 and malformed REGISTER requests
nappsoft (JIRA)
noreply at issues.asterisk.org
Mon May 25 01:44:25 CDT 2020
nappsoft created ASTERISK-28916:
-----------------------------------
Summary: Memory leak with Asterisk 16 and malformed REGISTER requests
Key: ASTERISK-28916
URL: https://issues.asterisk.org/jira/browse/ASTERISK-28916
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Resources/res_pjsip
Affects Versions: 16.10.0, 16.9.0, 16.7.0
Reporter: nappsoft
We had several asterisk systems running out of memory yesterday during a DOS attack. All of these systems were running with Asterisk >=16.7.0, some with PJSIP 2.9, some already with 2.10
Other machines with asterisk 13 have been attacked as well, however without running into any troubles. (That's why I guess that it's rather an asterisk issue than a PJSIP issue).
The register messages with which the systems got attacked were obviously broken and looked like bellow (IP replaced with xx.xx). What should be noticed:
- there was no CRLF after the headers
- the Content-Type of the register is set to applicatoin/sdp
- the user-agent was empty
REGISTER sip:220 at x.x.x.x SIP/2.0
To: 220 <sip:220 at x.x.x.x>
From: <sip:220 at x.x.x.x>;tag=0c26cd11
Via: SIP/2.0/UDP x.x.x.x:53716;branch=s8rinbit1zv039o5imke6y3vyvi91fizpvjnepn6l3kh7a9u6t2isdw89uhuqui2hb825f5;rport
Call-ID: e08c2ff23aa7495abd86575f1a294b1b
CSeq: 1 REGISTER
Contact: <sip:220 at x.x.x.x:53716>
User-Agent:
Max-forwards: 70
Allow: INVITE, ACK, CANCEL, BYE, REFER
Content-Type: application/sdp
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list