FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Memory/File Descriptor/RTP leak in pjsip session resource

Affected packages
13.5.0 <= asterisk13 < 13.18.1

Details

VuXML ID be261737-c535-11e7-8da5-001999f8d30b
Discovery 2017-10-15
Entry 2017-11-09
Modified 2017-12-13

The Asterisk project reports:

A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. This then leads to file descriptors and RTP ports being leaked as well.

References

CVE Name CVE-2017-16672
URL https://downloads.asterisk.org/pub/security/AST-2017-011.html