VOIP: Asterisk PJSIP Invalid fmtp Media Attribute Denial Of Service

A denial-of-service vulnerability has been reported in Asterisk PJSIP. The vulnerability is due to improper validation of SDP Media Attributes. A remote attacker can exploit this vulnerability by sending a crafted SDP message with an invalid fmtp Media Attribute. Successful exploitation can result in denial-of-service conditions.

Extended Description

Teluu PJSIP version 2.7.1 and earlier contains an Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in a crash. This attack appears to be exploitable by sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.

Affected Products

Teluu pjsip

References

CVE: CVE-2018-1000099

Short Name: VOIP:SIP:SDP:VOIP-SDP-ATTR-DOS
Severity: Minor
Recommended: True
Recommended Action: Drop
Category: VOIP
Keywords: Asterisk Attribute CVE-2018-1000099 Denial Invalid Media Of PJSIP Service fmtp
Release Date: 07/03/2018
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3590
False Positive: Unknown
Vendors

Teluu

Debian

CVSS Score: 5.0
