Red Hat Bugzilla – Bug 838178
CVE-2012-3863 asterisk: Possible resource leak on uncompleted re-invite transactions
Last modified: 2012-12-11 04:04:40 EST
If Asterisk sends a re-invite and an endpoint responds to the re-invite with a provisional response but never sends a final response, then the SIP dialog structure is never freed and the RTP ports for the call are never released. If an attacker has the ability to place a call, they could create a denial of service by using all available RTP ports.
Created asterisk tracking bugs for this issue
Affects: fedora-17 [bug 838180]
Affects: fedora-16 [bug 838181]
Affects: epel-6 [bug 838182]
asterisk-10.5.2-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
asterisk-22.214.171.124-1.el6 has been pushed to the Epel 6 repository. If problems still persist, please make note of it in this bug report.
asterisk-126.96.36.199-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.