Summary: ASTERISK-30103: chan_ooh323 Vulnerability in calling/called party IE
Reporter: Michael Bradeen (mbradeen)
Labels: security
Date Opened: 2022-06-08 12:11:57
Date Closed: 2022-12-01 11:46:52.000-0600
Priority: Blocker
Regression?:
Status: Closed/Complete
Components: Addons/chan_ooh323
Versions: 18.10.0
Frequency of Occurrence:
Related Issues:
Environment:
Attachments:
Description: When using a called or calling party number with a length of 0 (malformed), it is possible to cause a buffer under-run when parsing.

Comments:

By: Asterisk Team (asteriskteam) 2022-06-08 12:12:05.560-0500

This issue has been automatically restricted and set to a blocker due to being a security type issue. If this is not a security vulnerability issue it will be moved to the appropriate issue type when triaged.

Please DO NOT put a code review up for this change at this time. Attach any applicable patches to this issue.

By: Friendly Automation (friendly-automation) 2022-12-01 11:46:53.317-0600

Change 19624 merged by Benjamin Keith Ford:
ooh323c: not checking for IE minimum length

https://gerrit.asterisk.org/c/asterisk/+/19624

By: Friendly Automation (friendly-automation) 2022-12-01 11:47:07.387-0600

Change 19625 merged by Benjamin Keith Ford:
ooh323c: not checking for IE minimum length

https://gerrit.asterisk.org/c/asterisk/+/19625

By: Friendly Automation (friendly-automation) 2022-12-01 11:47:16.915-0600

Change 19626 merged by Benjamin Keith Ford:
ooh323c: not checking for IE minimum length

https://gerrit.asterisk.org/c/asterisk/+/19626

By: Friendly Automation (friendly-automation) 2022-12-01 11:47:29.430-0600

Change 19627 merged by Benjamin Keith Ford:
ooh323c: not checking for IE minimum length

https://gerrit.asterisk.org/c/asterisk/+/19627

By: Friendly Automation (friendly-automation) 2022-12-01 11:55:35.475-0600

Change 19647 merged by Benjamin Keith Ford:
ooh323c: not checking for IE minimum length

https://gerrit.asterisk.org/c/asterisk/+/19647

By: Friendly Automation (friendly-automation) 2022-12-01 11:55:45.745-0600

Change 19614 merged by Benjamin Keith Ford:
ooh323c: not checking for IE minimum length

https://gerrit.asterisk.org/c/asterisk/+/19614

By: Friendly Automation (friendly-automation) 2022-12-01 11:55:59.028-0600

Change 19650 merged by Benjamin Keith Ford:
ooh323c: not checking for IE minimum length

https://gerrit.asterisk.org/c/asterisk/+/19650

By: Friendly Automation (friendly-automation) 2022-12-01 11:56:31.856-0600

Change 19615 merged by Benjamin Keith Ford:
ooh323c: not checking for IE minimum length

https://gerrit.asterisk.org/c/asterisk/+/19615

By: Friendly Automation (friendly-automation) 2022-12-01 11:56:43.855-0600

Change 19653 merged by Benjamin Keith Ford:
ooh323c: not checking for IE minimum length

https://gerrit.asterisk.org/c/asterisk/+/19653
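
The merged changes are titled "not checking for IE minimum length", and the description names a party number IE of length 0 as the trigger. The following is an added example, not the ooh323c patch or any Asterisk code, of a minimum-length check in a party number digit parser. The function and enum names are hypothetical, and the assumed layout is the Q.931 one: one header octet, or two when the extension bit (0x80) of the first octet is clear, followed by the digits.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not ooh323c's own types. */
enum ie_status { IE_OK = 0, IE_TOO_SHORT = -1, IE_TOO_LONG = -2 };

/* Copy the digits of a calling/called party number IE into out.
 * data/len are the IE contents after the identifier and length octets. */
static int party_number_digits(const unsigned char *data, size_t len,
                               char *out, size_t outsz)
{
    size_t hdr;

    if (out == NULL || outsz == 0)
        return IE_TOO_LONG;
    out[0] = '\0';

    /* Minimum length: the first octet must exist before it is read. */
    if (data == NULL || len < 1)
        return IE_TOO_SHORT;

    /* Extension bit clear means a second header octet follows. */
    hdr = (data[0] & 0x80) ? 1 : 2;
    if (len < hdr)
        return IE_TOO_SHORT;

    /* Without the checks above, len - hdr for len == 0 would be -1
     * (SIZE_MAX as a size_t) and would reach memcpy as the copy size. */
    if (len - hdr >= outsz)
        return IE_TOO_LONG;

    memcpy(out, data + hdr, len - hdr);
    out[len - hdr] = '\0';
    return IE_OK;
}

int main(void)
{
    /* Constructed samples: called number "100", then the same IE with length 0. */
    const unsigned char called[] = { 0x81, '1', '0', '0' };
    char digits[16];

    printf("%d\n", party_number_digits(called, sizeof called, digits, sizeof digits));
    printf("%d\n", party_number_digits(called, 0, digits, sizeof digits));
    return 0;
}
```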