A flaw was discovered in Asterisk 13.x, 14.x, 15.x and 13.18. By crafting an SDP message with an invalid media format description Asterisk crashes with a segmentation fault when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description. References: http://downloads.asterisk.org/pub/security/AST-2018-002.html https://issues.asterisk.org/jira/browse/ASTERISK-27582 Patches: http://downloads.asterisk.org/pub/security/AST-2018-002-13.diff [Asterisk 13] http://downloads.asterisk.org/pub/security/AST-2018-002-14.diff [Asterisk 14] http://downloads.asterisk.org/pub/security/AST-2018-002-15.diff [Asterisk 14] http://downloads.asterisk.org/pub/security/AST-2018-002-13.18.diff [Certified Asterisk 13.18]
Created asterisk tracking bugs for this issue: Affects: epel-6 [bug 1548109] Affects: fedora-all [bug 1548108]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.