[asterisk-bugs] [JIRA] (ASTERISK-30103) chan_ooh323 Vulnerability in calling/called party IE

Friendly Automation (JIRA) noreply at issues.asterisk.org
Thu Dec 1 11:47:52 CST 2022


    [ https://issues.asterisk.org/jira/browse/ASTERISK-30103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=260763#comment-260763 ] 

Friendly Automation commented on ASTERISK-30103:
------------------------------------------------

Change 19625 merged by Benjamin Keith Ford:
ooh323c: not checking for IE minimum length

https://gerrit.asterisk.org/c/asterisk/+/19625

> chan_ooh323 Vulnerability in calling/called party IE
> ----------------------------------------------------
>
>                 Key: ASTERISK-30103
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-30103
>             Project: Asterisk
>          Issue Type: Security
>      Security Level: None
>          Components: Addons/chan_ooh323
>    Affects Versions: 18.10.0
>            Reporter: Michael Bradeen
>            Assignee: Michael Bradeen
>            Severity: Blocker
>              Labels: security
>
> When using a called or calling party number with a length of 0 (malformed) it is possible to cause a buffer under-run when parsing.



--
This message was sent by Atlassian JIRA
(v6.2#6252)


