An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older,
15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages
create a dialog in Asterisk. Those SIP messages must contain a contact
header. For those messages, if the header was not present and the PJSIP
channel driver was used, Asterisk would crash. The severity of this
vulnerability is somewhat mitigated if authentication is enabled. If
authentication is enabled, a user would have to first be authorized before
reaching the crash point.
Upstream:released (1:13.18.5~dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.10 (Eoan Ermine):not-affected (1:13.22.0~dfsg-2)
Ubuntu 20.04 (Focal Fossa):not-affected (1:13.22.0~dfsg-2)
More Information

Updated: 2020-04-24 03:39:39 UTC (commit d3f8a6ed481830fb100109a132bef581fc4176fe)