ASA-2019-00541 – Asterisk: Remote Crash Vulnerability in audio transcoding

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00541

Identifier(s)

ASA-2019-00541, CVE-2019-15639, AST-2019-005

Title

Remote Crash Vulnerability in audio transcoding

Vendor(s)

Digium, Inc

Product(s)

Asterisk Open Source

Affected version(s)

Asterisk Open Source 13.x before version 13.28.1
Asterisk Open Source 16.x before version 16.5.1

Fixed version(s)

Asterisk Open Source version 13.28.1
Asterisk Open Source version 16.5.1

Proof of concept

Unknown

Description

When audio frames are given to the audio transcoding support in Asterisk the number of samples are examined and as part of this a message is output to indicate that no samples are present. A change was done to suppress this message for a particular scenario in which the message was not relevant. This change assumed that information about the origin of a frame will always exist when in reality it may not.

This issue presented itself when an RTP packet containing no audio (and thus no samples) was received. In a particular transcoding scenario this audio frame would get turned into a frame with no origin information. If this new frame was then given to the audio transcoding support a crash would occur as no samples and no origin information would be present. The transcoding scenario requires the “genericplc” option to be set to enabled (the default) and a transcoding path from the source format into signed linear and then from signed linear into another format.

Technical details

Unknown

Credits

Gregory Massel

Reference(s)

AST-2019-005: Remote Crash Vulnerability in audio transcoding
http://downloads.digium.com/pub/security/AST-2019-005.html

AST-2019-005: Remote Crash Vulnerability in audio transcoding
http://downloads.digium.com/pub/security/AST-2019-005.pdf

AST-2019-005: Remote Crash Vulnerability in audio transcoding
https://seclists.org/fulldisclosure/2019/Sep/9

translate: Crash when frame does not have a “src” field set
https://issues.asterisk.org/jira/browse/ASTERISK-28499

[PATCH] AST-2019-005 – translate: Don’t assume all frames will have a src
http://downloads.asterisk.org/pub/security/AST-2019-005-13.diff

[PATCH] AST-2019-005 – translate: Don’t assume all frames will have a src
http://downloads.asterisk.org/pub/security/AST-2019-005-16.diff

CVE-2019-15639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15639

CVE-2019-15639
https://nvd.nist.gov/vuln/detail/CVE-2019-15639

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: September 23, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.