Due to a signedness comparison mismatch, an authenticated WebRTC client could cause a stack overflow and Asterisk crash by sending multiple hold/unhold requests in quick succession.
514c38f88457c5adefa470f62cfa4733ee26d4eda6458c3b24c7bb21f2ec9701An unauthenticated remote attacker could replay SRTP packets which could cause an Asterisk instance configured without strict RTP validation to tear down calls prematurely.
c6b2cb980ac1c471ada712a10083d5e4a2f109aa8638a11055f9f18afbbc09abIf a registered user is tricked into dialing a malicious number that sends lots of 181 responses to Asterisk, each one will cause a 181 to be sent back to the original caller with an increasing number of entries in the ???Supported??? header. Eventually the number of entries in the header exceeds the size of the entry array and causes a crash.
2f45006a2c9afadddcf34831d258755849dc791b989f4dce2ef9bb09888bc8d9Asterisk Project Security Advisory - A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.
fda4a6a55d938370b2cff51231d5b5cedb7a698db9552d692348f87f6dd26560
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed