| Summary: | ASTERISK-23210: Security: Remote crash in res_pjsip. | ||
| Reporter: | Joshua C. Colp (jcolp) | Labels: | Security |
| Date Opened: | 2014-01-29 08:04:18.000-0600 | Date Closed: | 2014-03-10 15:14:49 |
| Priority: | Critical | Regression? | No |
| Status: | Closed/Complete | Components: | Resources/res_pjsip |
| Versions: | 12.0.0 | Frequency of Occurrence | |
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | When sending qualifies to a permanent contact a crash will occur if no local endpoint is found and the remote server sends a 401 to the OPTIONS. This occurs whether authenticate_qualify is set to yes or no.
This is caused by send_request_cb in res_pjsip.c assuming that out of dialog requests will always have an endpoint associated with them. | ||
| Comments: | |||