Advisory: ES2020-02 – Asterisk crash due to INVITE flood over TCP

Posted by Sandro Gauci on Nov 06

# Asterisk crash due to INVITE flood over TCP

– Fixed versions: 13.37.1, 16.14.1, 17.8.1, 18.0.1
– Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2020-02-asterisk-tcp-invite-crash
– Asterisk Security Advisory: https://downloads.asterisk.org/pub/security/AST-2020-001.html
– Tested vulnerable versions: 17.5.1, 17.6.0
– Timeline:
– Report date: 2020-08-31
– Triaged: 2020-09-01
– Fix provided…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source