Tags › Stack Corruption
Asterisk PJSIP: stack corruption via large Accept header in SUBSCRIBE
Published on Feb 22, 2018 in CVE-2018-7284, asterisk, pjsip, stack corruption, denial of service, security advisory
- Authors:
- Alfred Farrugia alfred@enablesecurity.com
- Sandro Gauci sandro@enablesecurity.com
- Latest vulnerable version: Asterisk 15.2.0 running
chan_pjsip - Tested vulnerable versions: 15.2.0, 13.19.0, 14.7.5, 13.11.2
- References: AST-2018-004, CVE-2018-7284
- Advisory URL: https://www.enablesecurity.com/advisories/ES2018-01-asterisk-pjsip-subscribe-stack-corruption/
- Vendor Advisory: http://downloads.asterisk.org/pub/security/AST-2018-004.html
- Timeline:
- Issue reported to vendor: 2018-01-30
- Vendor patch made available to us: 2018-02-06
- Vendor advisory published: 2018-02-21
- Enable Security advisory: 2018-02-22
Description
A large SUBSCRIBE message with multiple malformed Accept headers will crash Asterisk due to stack corruption.
Impact
Abuse of this vulnerability leads to denial of service in Asterisk when chan_pjsip is in use. Brief analysis indicates that this is an exploitable vulnerability that may lead to remote code execution.
