Details

      Description

      It is possible to crash Asterisk by sending a SUBSCRIBE request to Asterisk for the presence Event that has no Accept headers.

      This is because res_pjsip_exten_state.c was originally written with the (correct) assumption that res_pjsip_pubsub.c would filter out any SUBSCRIBE requests that had no Accept headers. However, when handles_default_accept support was added, res_pjsip_exten_state.c did not have the assumption removed.

      For the person that writes the security report, this can only be exercised by configured endpoints in PJSIP, so this can't be remotely triggered by just anybody.

      I have already created a patch that fixes the issue. I will upload it here.


            People

            • Assignee:
              Unassigned
              Reporter:
              Mark Michelson
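
A monitoring-side check for the condition this report describes: it flags SUBSCRIBE requests for the presence event that carry no Accept header. This is an added example, not code from the Asterisk project or from the reporter's patch; the function names and the sample messages are constructed for illustration.

```python
import re

# RFC 3265 gives Event the compact form "o"; Accept has no compact form.
COMPACT = {"o": "event"}

# Constructed sample request (not captured traffic); hosts and tags are placeholders.
WITH_ACCEPT = (
    "SUBSCRIBE sip:1000@pbx.example.invalid SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-constructed-1\r\n"
    "From: <sip:alice@pbx.example.invalid>;tag=a1\r\n"
    "To: <sip:1000@pbx.example.invalid>\r\n"
    "Call-ID: constructed-1\r\n"
    "CSeq: 1 SUBSCRIBE\r\n"
    "Event: presence\r\n"
    "Accept: application/pidf+xml\r\n"
    "Content-Length: 0\r\n\r\n"
)
# Same request with its only Accept header dropped: the case the report describes.
WITHOUT_ACCEPT = WITH_ACCEPT.replace("Accept: application/pidf+xml\r\n", "")


def parse_request(raw):
    """Return (method, {lowercased header name: [values]}) for a SIP request."""
    head = raw.split("\r\n\r\n", 1)[0]
    head = re.sub(r"\r\n[ \t]+", " ", head)  # unfold continuation lines
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a header line
        name = name.strip().lower()
        headers.setdefault(COMPACT.get(name, name), []).append(value.strip())
    return method, headers


def is_presence_subscribe_without_accept(raw):
    """True for a SUBSCRIBE to the presence event with no Accept header at all."""
    method, headers = parse_request(raw)
    if method != "SUBSCRIBE":
        return False
    # Drop event parameters (";id=...") and match the package name leniently.
    events = [v.split(";", 1)[0].strip().lower() for v in headers.get("event", [])]
    return "presence" in events and "accept" not in headers


if __name__ == "__main__":
    for label, msg in (("with Accept", WITH_ACCEPT), ("without Accept", WITHOUT_ACCEPT)):
        print(label, "->", is_presence_subscribe_without_accept(msg))
```

Because the report says only configured PJSIP endpoints can exercise the bug, a hit from this check points at a provisioned device or credential rather than an anonymous source.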