Summary: | ASTERISK-30103: chan_ooh323 Vulnerability in calling/called party IE |
Reporter: | Michael Bradeen (mbradeen) | Labels: | security |
Date Opened: | 2022-06-08 12:11:57 | Date Closed: | 2022-12-01 11:46:52.000-0600 |
Priority: | Blocker | Regression? | |
Status: | Closed/Complete | Components: | Addons/chan_ooh323 |
Versions: | 18.10.0 | Frequency of Occurrence | |
Related Issues: | |
Environment: | | Attachments: | |
Description: | When using a called or calling party number with a length of 0 (malformed) it is possible to cause a buffer under-run when parsing. |
Comments:

By: Asterisk Team (asteriskteam) 2022-06-08 12:12:05.560-0500
This issue has been automatically restricted and set to a blocker due to being a security type issue. If this is not a security vulnerability issue it will be moved to the appropriate issue type when triaged. Please DO NOT put a code review up for this change at this time. Attach any applicable patches to this issue.

By: Friendly Automation (friendly-automation) 2022-12-01 11:46:53.317-0600
Change 19624 merged by Benjamin Keith Ford: ooh323c: not checking for IE minimum length
https://gerrit.asterisk.org/c/asterisk/+/19624

By: Friendly Automation (friendly-automation) 2022-12-01 11:47:07.387-0600
Change 19625 merged by Benjamin Keith Ford: ooh323c: not checking for IE minimum length
https://gerrit.asterisk.org/c/asterisk/+/19625

By: Friendly Automation (friendly-automation) 2022-12-01 11:47:16.915-0600
Change 19626 merged by Benjamin Keith Ford: ooh323c: not checking for IE minimum length
https://gerrit.asterisk.org/c/asterisk/+/19626

By: Friendly Automation (friendly-automation) 2022-12-01 11:47:29.430-0600
Change 19627 merged by Benjamin Keith Ford: ooh323c: not checking for IE minimum length
https://gerrit.asterisk.org/c/asterisk/+/19627

By: Friendly Automation (friendly-automation) 2022-12-01 11:55:35.475-0600
Change 19647 merged by Benjamin Keith Ford: ooh323c: not checking for IE minimum length
https://gerrit.asterisk.org/c/asterisk/+/19647

By: Friendly Automation (friendly-automation) 2022-12-01 11:55:45.745-0600
Change 19614 merged by Benjamin Keith Ford: ooh323c: not checking for IE minimum length
https://gerrit.asterisk.org/c/asterisk/+/19614

By: Friendly Automation (friendly-automation) 2022-12-01 11:55:59.028-0600
Change 19650 merged by Benjamin Keith Ford: ooh323c: not checking for IE minimum length
https://gerrit.asterisk.org/c/asterisk/+/19650

By: Friendly Automation (friendly-automation) 2022-12-01 11:56:31.856-0600
Change 19615 merged by Benjamin Keith Ford: ooh323c: not checking for IE minimum length
https://gerrit.asterisk.org/c/asterisk/+/19615

By: Friendly Automation (friendly-automation) 2022-12-01 11:56:43.855-0600
Change 19653 merged by Benjamin Keith Ford: ooh323c: not checking for IE minimum length
https://gerrit.asterisk.org/c/asterisk/+/19653
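
The kind of minimum-length check the issue title and merged changes refer to, as an added example (not the ooh323c code or the merged patch): a parser for a Q.931 called/calling party number IE that validates the declared content length before subtracting header octets from it. The struct, function name and buffer size are assumptions, and the sample IEs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define Q931_CALLING_PARTY_IE 0x6c
#define Q931_CALLED_PARTY_IE  0x70
#define MAX_NUMBER 32            /* assumed destination buffer size */

/* Hypothetical decoded IE: identifier, declared content length, content octets. */
struct q931_ie { uint8_t id; size_t length; const uint8_t *data; };

/* Copies the digits into out (NUL-terminated); returns digit count, -1 if malformed. */
int parse_party_number(const struct q931_ie *ie, char out[MAX_NUMBER])
{
    size_t hdr = 1;              /* octet 3: type of number / numbering plan */

    if (ie->id != Q931_CALLING_PARTY_IE && ie->id != Q931_CALLED_PARTY_IE)
        return -1;
    /* Minimum length: octet 3 must exist. Without this check a declared
     * length of 0 makes (length - hdr) wrap and data[0] is read unchecked. */
    if (ie->length < hdr)
        return -1;
    /* Calling party only: ext bit clear in octet 3 means octet 3a follows. */
    if (ie->id == Q931_CALLING_PARTY_IE && !(ie->data[0] & 0x80)) {
        hdr = 2;
        if (ie->length < hdr)
            return -1;
    }
    size_t digits = ie->length - hdr;   /* cannot wrap after the checks above */
    if (digits >= MAX_NUMBER)
        return -1;
    memcpy(out, ie->data + hdr, digits);
    out[digits] = '\0';
    return (int)digits;
}

int main(void)
{
    /* Constructed samples, not captured traffic. */
    static const uint8_t ok[] = { 0x81, '1', '0', '0' };
    struct q931_ie good = { Q931_CALLED_PARTY_IE, sizeof ok, ok };
    struct q931_ie empty = { Q931_CALLED_PARTY_IE, 0, ok };
    char num[MAX_NUMBER];
    printf("good=%d\n", parse_party_number(&good, num));
    printf("empty=%d\n", parse_party_number(&empty, num));
    return 0;
}
```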