Asterisk
  1. Asterisk
  2. ASTERISK-27337

chan_sip: Security vulnerability with client code header (revisited)

    Details

    • Type: Bug Bug
    • Status: Closed
    • Severity: Major Major
    • Resolution: Fixed
    • Affects Version/s: 13.17.2, 14.6.2, 15.0.0
    • Target Release Version/s: 13.18.1, 13.19.0, 14.4.1, 15.1.1, 15.2.0, 16.0.0
    • Component/s: None
    • Labels:
      None
    • Frequency of Occurrence:
      Constant

      Description

      The fix for ASTERISK-26897 didn't go quite far enough. It fixed setting the userfield for the CDR's Party A but didn't fix the same problem when the CDR's Party B userfield is set.

        Issue Links

          Activity

          Hide
          Friendly Automation added a comment -

          Change 7128 merged by George Joseph:
          AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun

          https://gerrit.asterisk.org/7128

          Show
          Friendly Automation added a comment - Change 7128 merged by George Joseph: AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun https://gerrit.asterisk.org/7128
          Hide
          Friendly Automation added a comment -

          Change 7129 merged by George Joseph:
          AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun

          https://gerrit.asterisk.org/7129

          Show
          Friendly Automation added a comment - Change 7129 merged by George Joseph: AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun https://gerrit.asterisk.org/7129
          Hide
          Friendly Automation added a comment -

          Change 7130 merged by George Joseph:
          AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun

          https://gerrit.asterisk.org/7130

          Show
          Friendly Automation added a comment - Change 7130 merged by George Joseph: AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun https://gerrit.asterisk.org/7130
          Hide
          Friendly Automation added a comment -

          Change 7131 merged by George Joseph:
          AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun

          https://gerrit.asterisk.org/7131

          Show
          Friendly Automation added a comment - Change 7131 merged by George Joseph: AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun https://gerrit.asterisk.org/7131
          Hide
          Friendly Automation added a comment -

          Change 7132 merged by George Joseph:
          AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun

          https://gerrit.asterisk.org/7132

          Show
          Friendly Automation added a comment - Change 7132 merged by George Joseph: AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun https://gerrit.asterisk.org/7132

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: