Asterisk
  1. Asterisk
  2. ASTERISK-29057

pjsip: Crash on call rejection during high load

    Details

    • Regression:
      No

      Description

      This is a crash within PJSIP whereby under heavy load the INVITE transaction on an INVITE session may not be set when sending a response, resulting in a crash.

      1. AST-2020-001.pdf
        45 kB
        Kevin Harwell
      2. ASTERISK-29057-16.diff
        16 kB
        Kevin Harwell
      3. backtrace.txt
        2 kB
        Joshua C. Colp
      4. security.txt
        9 kB
        Joshua C. Colp

        Issue Links

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

          Hide
          Friendly Automation added a comment -

          Change 15154 merged by Kevin Harwell:
          AST-2020-001 - res_pjsip: Return dialog locked and referenced

          https://gerrit.asterisk.org/c/asterisk/+/15154

          Show
          Friendly Automation added a comment - Change 15154 merged by Kevin Harwell: AST-2020-001 - res_pjsip: Return dialog locked and referenced https://gerrit.asterisk.org/c/asterisk/+/15154
          Hide
          Friendly Automation added a comment -

          Change 15155 merged by Kevin Harwell:
          AST-2020-001 - res_pjsip: Return dialog locked and referenced

          https://gerrit.asterisk.org/c/asterisk/+/15155

          Show
          Friendly Automation added a comment - Change 15155 merged by Kevin Harwell: AST-2020-001 - res_pjsip: Return dialog locked and referenced https://gerrit.asterisk.org/c/asterisk/+/15155
          Hide
          Kevin Harwell added a comment -

          CVE received, and docs updated:

          CVE-2020-28327

          I've put in a request for publication of the CVE. It might take a few days for it to sync up and be made public though.

          Any further updates can't be viewed here: http://downloads.asterisk.org/pub/security/AST-2020-001.html

          Show
          Kevin Harwell added a comment - CVE received, and docs updated: CVE-2020-28327 I've put in a request for publication of the CVE. It might take a few days for it to sync up and be made public though. Any further updates can't be viewed here: http://downloads.asterisk.org/pub/security/AST-2020-001.html
          Hide
          Sandro Gauci added a comment -

          Thanks for the notice. We put the CVE up on our advisory too now.

          Show
          Sandro Gauci added a comment - Thanks for the notice. We put the CVE up on our advisory too now.
          Hide
          Asterisk Team added a comment -

          This issue has been reopened as a result of your commenting on it as the reporter. It will be triaged once again as applicable.

          Show
          Asterisk Team added a comment - This issue has been reopened as a result of your commenting on it as the reporter. It will be triaged once again as applicable.

            People

            • Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: