Summary: ASTERISK-23210: Security: Remote crash in res_pjsip.
Reporter: Joshua C. Colp (jcolp)
Labels: Security
Date Opened: 2014-01-29 08:04:18.000-0600
Date Closed: 2014-03-10 15:14:49
Priority: Critical
Regression? No
Status: Closed/Complete
Components: Resources/res_pjsip
Versions: 12.0.0
Frequency of Occurrence:
Related Issues:
Environment:
Attachments:
Description: When sending qualifies to a permanent contact, a crash will occur if no local endpoint is found and the remote server sends a 401 to the OPTIONS. This occurs whether authenticate_qualify is set to yes or no.
This is caused by send_request_cb in res_pjsip.c assuming that out-of-dialog requests will always have an endpoint associated with them.
Comments: