Opened 22 months ago

Closed 22 months ago

Last modified 22 months ago

#2016 closed defect (fixed)

Buffer overrun in PJSIP transaction layer

Reported by: ming Owned by: bennylp
Priority: normal Milestone: release-2.7
Component: pjsip Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported: no

Description (last modified by ming)

A crash can happen if PJSIP receives a message with a specific CSeq header and a Via header that has no branch parameter. The root cause is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer for the key. Writing past the end of that buffer corrupts the memory allocation table, which leads to an eventual crash.

Thanks to George Joseph and the Asterisk team for the report.
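As an added illustration of the bug class described above (this is not PJSIP's code and does not reproduce the key layout that was actually fixed): a key builder that measures the formatted length before allocating, beside the kind of fixed per-field estimate that undercounts once a CSeq number uses all ten decimal digits and the Via header carries no branch parameter. The key fields, the separator format and the five-digit estimate are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Assumed key components for the example; PJSIP's real key differs. */
typedef struct {
    const char *method;
    uint32_t    cseq;        /* CSeq number: up to 10 decimal digits */
    const char *call_id;
    const char *from_tag;    /* NULL when absent */
    const char *via_host;
    const char *via_branch;  /* NULL when Via has no branch parameter */
} key_parts_t;

/* Formats the key like snprintf: returns the length the full key needs
 * (excluding NUL) regardless of cap, so callers can size the buffer. */
static int format_key(char *buf, size_t cap, const key_parts_t *p)
{
    return snprintf(buf, cap, "%s|%u|%s|%s|%s|%s",
                    p->method, (unsigned)p->cseq, p->call_id,
                    p->from_tag ? p->from_tag : "", p->via_host,
                    p->via_branch ? p->via_branch : "");
}

/* Undersized estimate: reserves only 5 digits for CSeq. A key built into
 * a buffer of this size overruns whenever CSeq has more digits. */
size_t naive_key_len(const key_parts_t *p)
{
    return strlen(p->method) + 1 + 5 + 1 + strlen(p->call_id) + 1 +
           (p->from_tag ? strlen(p->from_tag) : 0) + 1 +
           strlen(p->via_host) + 1 +
           (p->via_branch ? strlen(p->via_branch) : 0);
}

/* Hardened: measure, allocate exactly, then verify the write fit. */
char *build_key(const key_parts_t *p)
{
    int need = format_key(NULL, 0, p);
    if (need < 0) return NULL;
    size_t cap = (size_t)need + 1;
    char *key = malloc(cap);
    if (!key) return NULL;
    int wrote = format_key(key, cap, p);
    if (wrote < 0 || (size_t)wrote >= cap) { free(key); return NULL; }
    return key;
}

/* Constructed sample shaped like the ticket's trigger: a 10-digit CSeq
 * number and a Via header without a branch parameter. */
const key_parts_t sample = {
    "INVITE", 4294967295u, "abc@host.example", "tag1", "192.0.2.10", NULL
};
```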

Change History (2)

comment:1 Changed 22 months ago by ming

  • Resolution set to fixed
  • Status changed from new to closed

In 5593:

Fixed #2016: Buffer overrun in PJSIP transaction layer

comment:2 Changed 22 months ago by ming

  • Description modified (diff)