Allele Security Alert
ASA-2019-00421
Identifier(s)
ASA-2019-00421, CVE-2019-13161, AST-2019-002
Title
Remote crash vulnerability with MESSAGE messages
Vendor(s)
Digium, Inc
Product(s)
Certified Asterisk
Asterisk Open Source
Affected version(s)
Certified Asterisk all releases from version 13.21-cert
Asterisk Open Source all releases from version 13.x
Asterisk Open Source all releases from version 15.x
Asterisk Open Source all releases from version 16.x
Fixed version(s)
Certified Asterisk version 13.21-cert4
Asterisk Open Source version 13.27.1
Asterisk Open Source version 15.7.3
Asterisk Open Source version 16.4.1
Proof of concept
Unknown
Description
A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.
Technical details
Unknown
Credits
Gil Richard
Reference(s)
AST-2019-002
https://downloads.asterisk.org/pub/security/AST-2019-002.html
res_pjsip_messaging: In-dialog MESSAGE with no body causes crash
https://issues.asterisk.org/jira/browse/ASTERISK-28447
11558: res_pjsip_messaging: Check for body in in-dialog message
https://gerrit.asterisk.org/c/asterisk/+/11558
CVE-2019-13161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13161
CVE-2019-13161
https://nvd.nist.gov/vuln/detail/CVE-2019-13161
Last modified: September 23, 2019