Sangoma · Certified Asterisk · CVE-2024-42491
**Name of the Vulnerable Software and Affected Versions**
Asterisk versions prior to 18.24.3, 20.9.3, and 21.4.3
Certified Asterisk versions prior to 18.9-cert12 and 20.7-cert2
**Description**
The issue lies in the handling of SIP request URIs. If Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and the `res_resolver_unbound` module is loaded, Asterisk crashes with a SEGV. Because the destination of such a request is ordinarily taken from a peer-supplied URI (for example the Contact header of a registration or call), a remote attacker can trigger the crash, causing a denial of service through termination of the Asterisk process. Systems that do not load `res_resolver_unbound` are not affected.
**Recommendations**
For Asterisk versions prior to 18.24.3, 20.9.3, and 21.4.3, upgrade to 18.24.3, 20.9.3, or 21.4.3 respectively.
For Certified Asterisk versions prior to 18.9-cert12 and 20.7-cert2, upgrade to certified-18.9-cert12 or certified-20.7-cert2 respectively.
As a temporary workaround, disable `res_resolver_unbound` by setting `noload = res_resolver_unbound.so` in modules.conf and restarting Asterisk. Asterisk then falls back to its built-in system resolver, so confirm afterwards that DNS-dependent features (SRV and NAPTR lookups for PJSIP endpoints, for instance) still behave as expected.
Alternatively, set `rewrite_contact = yes` on all PJSIP endpoints. This replaces the host portion of a peer-supplied Contact URI with the address the request actually arrived from, so a crafted `.1` host never reaches the resolver. Note that this changes routing behaviour and may not be appropriate for all Asterisk configurations, such as deployments where the advertised Contact legitimately differs from the source address.
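The following script is an added example for triaging a fleet against this advisory; it is not Sangoma or Asterisk project code. It classifies a version string against the affected ranges listed above and checks whether `res_resolver_unbound` is loaded, since both conditions are needed for exposure. The assumed input formats are the output of `asterisk -V` ("Asterisk 18.24.2" or "Asterisk certified/18.9-cert11") and the tabular output of the CLI command `module show like res_resolver_unbound`; the sample CLI output embedded below is constructed, not captured from a live system.

```python
"""Exposure check for CVE-2024-42491 (added example; not Sangoma/Asterisk code).

Two facts decide exposure: the running version falls in an affected range,
and res_resolver_unbound is actually loaded. Both inputs are plain strings
so the logic can be run offline against saved CLI output.
"""
import re

# First fixed release per standard branch, taken from the advisory.
FIXED_STANDARD = {18: (18, 24, 3), 20: (20, 9, 3), 21: (21, 4, 3)}
# Certified Asterisk: branch -> first fixed cert number, from the advisory.
FIXED_CERTIFIED = {"18.9": 12, "20.7": 2}

# Assumed formats of `asterisk -V` output: "Asterisk 18.24.2" and
# "Asterisk certified/18.9-cert11"; bare versions and the
# "certified-18.9-cert12" spelling used in the advisory are accepted too.
_STD_RE = re.compile(r"^(?:Asterisk\s+)?(\d+)\.(\d+)\.(\d+)$")
_CERT_RE = re.compile(r"^(?:Asterisk\s+)?certified[/-](\d+\.\d+)-cert(\d+)$")


def version_status(version: str) -> str:
    """Classify a version string as 'vulnerable', 'fixed' or 'unknown'.

    'unknown' covers branches the advisory does not list (e.g. 16.x or 19.x,
    or a certified branch other than 18.9/20.7) and unparseable input.
    Those have no fixed release named here, so treat them as unpatched.
    """
    v = version.strip()
    m = _CERT_RE.match(v)
    if m:
        branch, cert = m.group(1), int(m.group(2))
        if branch not in FIXED_CERTIFIED:
            return "unknown"
        return "fixed" if cert >= FIXED_CERTIFIED[branch] else "vulnerable"
    m = _STD_RE.match(v)
    if m:
        major, minor, patch = (int(x) for x in m.groups())
        if major not in FIXED_STANDARD:
            return "unknown"
        return "fixed" if (major, minor, patch) >= FIXED_STANDARD[major] else "vulnerable"
    return "unknown"


def unbound_loaded(module_show_output: str) -> bool:
    """True if `module show like res_resolver_unbound` lists the module as Running.

    Assumed CLI layout: one whitespace-separated line per module, starting
    with the .so file name and containing the status word. A module that is
    not loaded does not appear in the listing at all.
    """
    for line in module_show_output.splitlines():
        fields = line.split()
        if fields and fields[0] == "res_resolver_unbound.so" and "Running" in fields:
            return True
    return False


def exposed(version: str, module_show_output: str) -> bool:
    """Exposed when the version is not known fixed AND the module is loaded.

    'unknown' is deliberately treated like 'vulnerable' (conservative).
    """
    return version_status(version) != "fixed" and unbound_loaded(module_show_output)


# Constructed sample inputs (not captured from a real system).
SAMPLE_VERSION = "Asterisk 20.9.2"
SAMPLE_MODULE_SHOW = (
    "Module                     Description                    Use Count  Status   Support Level\n"
    "res_resolver_unbound.so    Unbound DNS Resolver Support   0          Running  core\n"
    "1 modules loaded\n"
)

if __name__ == "__main__":
    print(version_status(SAMPLE_VERSION), exposed(SAMPLE_VERSION, SAMPLE_MODULE_SHOW))
```

Run it against the saved output of `asterisk -V` and `asterisk -rx "module show like res_resolver_unbound"` from each host; a host reporting `unknown` is on a branch this advisory does not cover and should be checked against its own vendor guidance rather than assumed safe.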