[asterisk-bugs] [JIRA] (ASTERISK-30244) res_pjsip_pubsub: Occasional crash when TCP/TLS connection terminated and subscription persistence is removed
nappsoft (JIRA)
noreply at issues.asterisk.org
Wed Sep 28 07:22:09 CDT 2022
[ https://issues.asterisk.org/jira/browse/ASTERISK-30244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=260366#comment-260366 ]
nappsoft commented on ASTERISK-30244:
-------------------------------------
Thanks for your feedback. At least the memory leak seems not to be severe: I activated the patched version a bit more than two days ago on the two mentioned systems, and the increase in memory consumption over time seems to be quite small.
As I was able to reliably make Asterisk crash with the mentioned method (success rate >60%), this seems to be a possible DoS vulnerability for authenticated sessions.
> res_pjsip_pubsub: Occasional crash when TCP/TLS connection terminated and subscription persistence is removed
> -------------------------------------------------------------------------------------------------------------
>
> Key: ASTERISK-30244
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-30244
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_pjsip_pubsub
> Affects Versions: 18.14.0
> Reporter: nappsoft
> Severity: Major
> Attachments: crash.txt
>
>
> We are observing crashes from time to time on less than one percent of systems. The segfault always happens at the same address in res_pjsip.so.
> What they have in common: while we use lots of clients with TCP and TLS connections, only on these systems do we have phones (Yealink) connected which subscribe over TLS and/or TCP.
> I can reproduce the crash from time to time when rebooting the phone. The crash happens as soon as it is up again and renewing the subscriptions.
> I was now able to create a backtrace, which you will find attached.