Bug 2254633 (CVE-2023-49786)

Summary: CVE-2023-49786 asterisk: race condition in the hello handshake phase of the DTLS protocol triggers denial of service
Product: [Other] Security Response Reporter: Robb Gatica <rgatica>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: asterisk 18.20.1, asterisk 20.5.1, asterisk 21.0.1, certified-asterisk 18.9-cert6 Doc Type: ---
Doc Text:
A flaw was discovered in Asterisk. A remote attacker may trigger a race condition which can lead to denial of service.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2254634, 2254635    
Bug Blocks: 2254624    

Description Robb Gatica 2023-12-14 23:23:56 UTC 
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, and 18.9-cert6.

https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race
https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05
https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
Comment 1 Robb Gatica 2023-12-14 23:24:13 UTC 
Created asterisk tracking bugs for this issue:

Affects: epel-all [bug 2254634]
Affects: fedora-all [bug 2254635]