FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk and pjsip -- multiple vulnerabilities

Affected packages
asterisk13 < 13.19.2
pjsip < 2.7.2
pjsip-extsrtp < 2.7.2

Details

VuXML ID f9f5c5a2-17b5-11e8-90b8-001999f8d30b
Discovery 2018-02-21
Entry 2018-02-22

The Asterisk project reports:

AST-2018-002 - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description.

AST-2018-003 - By crafting an SDP message body with an invalid fmtp attribute Asterisk crashes when using the pjsip channel driver because pjproject's fmtp retrieval function fails to check if fmtp value is empty (set empty if previously parsed as invalid).

References

URL https://downloads.asterisk.org/pub/security/AST-2018-002.html
URL https://downloads.asterisk.org/pub/security/AST-2018-003.html