N/A

chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.

N/A

N/A

Asterisk Open Source拒绝服务漏洞

Digium Asterisk是美国Digium公司的一套开源的电话交换机（PBX）系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。 Asterisk Open Source 1.8.8.2之前的1.8.x版本和10.0.1之前的10.x版本的chan_sip.c中存在漏洞，该漏洞源于res_srtp模块的应用或未正确配置媒体支持。远程攻击者可利用该漏洞借助特制的具有加密属性的SDP消息和(1) 视频或(2)文本媒体类型，引发拒绝服务（空指针解引用进而守护进程崩溃）。该漏洞已被CS

N/A

N/A