Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 DOS:DIGIUM-PJSIP-DOS

Severity

 Major

Recommended

 Yes

Category

 DOS

Keywords

 Digium Asterisk PJSIP In-Dialog MESSAGE Request Denial-of-Service

Release Date

 2019/09/05

Update Number

 3205

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

DOS: Digium Asterisk PJSIP In-Dialog MESSAGE Request Denial-of-Service


This signature detects attempts to exploit a known vulnerability against Digium Asterisk. A successful attack can lead to Denial of Service condition.

Extended Description

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

Affected Products

  • Digium asterisk 13.0.0
  • Digium asterisk 13.0.1
  • Digium asterisk 13.0.2
  • Digium asterisk 13.1.0
  • Digium asterisk 13.10.0
  • Digium asterisk 13.1.1
  • Digium asterisk 13.11.0
  • Digium asterisk 13.11.1
  • Digium asterisk 13.11.2
  • Digium asterisk 13.12
  • Digium asterisk 13.12.0
  • Digium asterisk 13.12.1
  • Digium asterisk 13.12.2
  • Digium asterisk 13.13
  • Digium asterisk 13.13.0
  • Digium asterisk 13.13.1
  • Digium asterisk 13.14.0
  • Digium asterisk 13.14.1
  • Digium asterisk 13.15.0
  • Digium asterisk 13.15.1
  • Digium asterisk 13.16.0
  • Digium asterisk 13.17.0
  • Digium asterisk 13.17.1
  • Digium asterisk 13.17.2
  • Digium asterisk 13.18.0
  • Digium asterisk 13.18.1
  • Digium asterisk 13.18.2
  • Digium asterisk 13.18.3
  • Digium asterisk 13.18.4
  • Digium asterisk 13.18.5
  • Digium asterisk 13.19.0
  • Digium asterisk 13.19.1
  • Digium asterisk 13.19.2
  • Digium asterisk 13.2.0
  • Digium asterisk 13.20.0
  • Digium asterisk 13.2.1
  • Digium asterisk 13.21.0
  • Digium asterisk 13.21.1
  • Digium asterisk 13.22.0
  • Digium asterisk 13.23.0
  • Digium asterisk 13.23.1
  • Digium asterisk 13.3.0
  • Digium asterisk 13.3.1
  • Digium asterisk 13.3.2
  • Digium asterisk 13.4.0
  • Digium asterisk 13.5.0
  • Digium asterisk 13.6.0
  • Digium asterisk 13.7.0
  • Digium asterisk 13.7.1
  • Digium asterisk 13.7.2
  • Digium asterisk 13.8.0
  • Digium asterisk 13.8.1
  • Digium asterisk 13.8.2
  • Digium asterisk 13.9.0
  • Digium asterisk 13.9.1
  • Digium asterisk 15.0.0
  • Digium asterisk 15.1.0
  • Digium asterisk 15.1.1
  • Digium asterisk 15.1.2
  • Digium asterisk 15.1.3
  • Digium asterisk 15.1.4
  • Digium asterisk 15.1.5
  • Digium asterisk 15.2.0
  • Digium asterisk 15.2.1
  • Digium asterisk 15.2.2
  • Digium asterisk 15.3.0
  • Digium asterisk 15.4.0
  • Digium asterisk 15.4.1
  • Digium asterisk 15.5.0
  • Digium asterisk 15.6.0
  • Digium asterisk 15.6.1
  • Digium asterisk 15.6.2
  • Digium asterisk 15.7.0
  • Digium asterisk 15.7.1
  • Digium asterisk 16.0.0
  • Digium asterisk 16.0.1
  • Digium asterisk 16.1.0
  • Digium asterisk 16.2.0
  • Digium asterisk 16.2.1
  • Digium asterisk 16.3.0
  • Digium certified_asterisk 13.21

References

  • CVE: CVE-2019-12827
  • URL: http://downloads.digium.com/pub/security/AST-2019-002.html
  • URL: https://issues.asterisk.org/jira/browse/ASTERISK-28447

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out