[asterisk-bugs] [JIRA] (ASTERISK-29872) res_stir_shaken: Resource exhaustion with large files
Asterisk Team (JIRA)
noreply at issues.asterisk.org
Thu May 5 09:42:45 CDT 2022
[ https://issues.asterisk.org/jira/browse/ASTERISK-29872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Asterisk Team updated ASTERISK-29872:
-------------------------------------
Target Release Version/s: 16.26.0
> res_stir_shaken: Resource exhaustion with large files
> -----------------------------------------------------
>
> Key: ASTERISK-29872
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-29872
> Project: Asterisk
> Issue Type: Security
> Security Level: None
> Components: Resources/res_stir_shaken
> Affects Versions: 16.23.0, 18.9.0, 19.1.0
> Reporter: Benjamin Keith Ford
> Severity: Blocker
> Labels: security
> Target Release: 16.25.2, 18.11.2, 19.3.2, 16.26.0
>
>
> When we receive a SIP INVITE that has an Identity header, we attempt to download the certificate if stir_shaken is enabled. However, we don't have any checks in place to ensure that the file is not too large and that the file is actually a certificate.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list