[asterisk-bugs] [JIRA] (ASTERISK-28916) Memory leak with Asterisk 16 and malformed REGISTER requests
nappsoft (JIRA)
noreply at issues.asterisk.org
Mon May 25 04:43:25 CDT 2020
[ https://issues.asterisk.org/jira/browse/ASTERISK-28916?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
nappsoft closed ASTERISK-28916.
-------------------------------
Resolution: Suspended
> Memory leak with Asterisk 16 and malformed REGISTER requests
> ------------------------------------------------------------
>
> Key: ASTERISK-28916
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28916
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_pjsip
> Affects Versions: 16.7.0, 16.9.0, 16.10.0
> Reporter: nappsoft
> Attachments: mmlog
>
>
> We had several Asterisk systems running out of memory yesterday during a DoS attack. All of these systems were running with Asterisk >=16.7.0, some with PJSIP 2.9, some already with 2.10.
> Other machines with Asterisk 13 have been attacked as well, however without running into any trouble. (That's why I guess that it's an Asterisk issue rather than a PJSIP issue.)
> The REGISTER messages with which the systems got attacked were obviously broken and looked like below (IP replaced with xx.xx). What should be noticed:
> - there was no CRLF after the headers
> - the Content-Type of the REGISTER is set to application/sdp
> - the User-Agent was empty
> REGISTER sip:220@x.x.x.x SIP/2.0
> To: 220 <sip:220@x.x.x.x>
> From: <sip:220@x.x.x.x>;tag=0c26cd11
> Via: SIP/2.0/UDP x.x.x.x:53716;branch=s8rinbit1zv039o5imke6y3vyvi91fizpvjnepn6l3kh7a9u6t2isdw89uhuqui2hb825f5;rport
> Call-ID: e08c2ff23aa7495abd86575f1a294b1b
> CSeq: 1 REGISTER
> Contact: <sip:220@x.x.x.x:53716>
> User-Agent:
> Max-forwards: 70
> Allow: INVITE, ACK, CANCEL, BYE, REFER
> Content-Type: application/sdp
--
This message was sent by Atlassian JIRA
(v6.2#6252)
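
A defender-side check for the three traits the report lists, added here as an example; it is not part of the original report or of Asterisk's code. The function name, finding labels and both sample datagrams are constructed, and "no CRLF after the headers" is assumed to mean that the blank line ending the header block is missing.

```python
# Added example: flag REGISTER datagrams showing the traits listed in the report.
CRLF = b"\r\n"

def register_anomalies(datagram: bytes) -> list[str]:
    """Return labels for the report's three traits found in one UDP payload."""
    head, sep, body = datagram.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    if not lines[0].startswith(b"REGISTER "):
        return []  # only REGISTER requests are in scope here
    findings = []
    if not sep:  # assumption: header block never closed by an empty line
        findings.append("no-header-terminator")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    # A REGISTER that announces SDP but carries no body at all.
    if headers.get(b"content-type", b"").lower() == b"application/sdp" and not body:
        findings.append("sdp-content-type-without-body")
    if headers.get(b"user-agent") == b"":
        findings.append("empty-user-agent")
    return findings

# Constructed sample shaped like the report's message (documentation IP, short branch).
SAMPLE_MALFORMED = CRLF.join([
    b"REGISTER sip:220@192.0.2.10 SIP/2.0",
    b"To: 220 <sip:220@192.0.2.10>",
    b"From: <sip:220@192.0.2.10>;tag=constructed1",
    b"Via: SIP/2.0/UDP 192.0.2.10:53716;branch=constructedbranch;rport",
    b"Call-ID: constructed-call-id",
    b"CSeq: 1 REGISTER",
    b"Contact: <sip:220@192.0.2.10:53716>",
    b"User-Agent:",
    b"Max-forwards: 70",
    b"Content-Type: application/sdp",
])  # ends after the last header: no CRLF, no blank line

# Constructed well-formed REGISTER for contrast.
SAMPLE_OK = CRLF.join([
    b"REGISTER sip:220@192.0.2.10 SIP/2.0",
    b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKconstructed",
    b"CSeq: 1 REGISTER",
    b"User-Agent: example-ua",
    b"Content-Length: 0",
]) + CRLF + CRLF

if __name__ == "__main__":
    print(register_anomalies(SAMPLE_MALFORMED))
    print(register_anomalies(SAMPLE_OK))
```

Counting these labels per source address over a time window gives a rate signal that can feed a firewall or fail2ban-style block before memory pressure builds.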