Sandrogauci

**Name of the Vulnerable Software and Affected Versions** Asterisk versions prior to 18.20.1 Asterisk versions prior to 20.5.1 Asterisk versions prior to 21.0.1 Certified Asterisk versions prior to 18.9-cert6 **Description** The issue is caused by a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This can be exploited by a remote attacker to cause a denial of service, potentially leading to a massive denial of service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. The attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. **Recommendations** For Asterisk versions prior to 18.20.1, update to version 18.20.1 or later. For Asterisk versions prior to 20.5.1, update to version 20.5.1 or later. For Asterisk versions prior to 21.0.1, update to version 21.0.1 or later. For Certified Asterisk versions prior to 18.9-cert6, update to version 18.9-cert6 or later.

**Name of the Vulnerable Software and Affected Versions** OpenSIPS versions prior to 3.1.8 and 3.2.5 **Description** OpenSIPS is a Session Initiation Protocol (SIP) server implementation. The issue arises when a malformed SDP body is sent multiple times to an OpenSIPS configuration that uses the `stream process` function. This was discovered during coverage guided fuzzing of the `codec delete except re` function. An attacker can crash the server by exploiting this issue, which affects configurations containing functions that rely on the affected code, such as `codec delete except re`. **Recommendations** For versions prior to 3.1.8, update to version 3.1.8 or later. For versions prior to 3.2.5, update to version 3.2.5 or later. As a temporary workaround, consider disabling the `stream process` function until a patch is available. Restrict access to configurations containing functions that rely on the affected code, such as `codec delete except re`, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenSIPS versions prior to 3.1.8 and 3.2.5 **Description** OpenSIPS is a Session Initiation Protocol (SIP) server implementation. When a specially crafted SIP message is processed by the function `rewrite ruri`, a crash occurs due to a segmentation fault, causing the server to crash. This issue affects configurations containing functions that make use of the affected code, such as the function `setport`. **Recommendations** For versions prior to 3.1.8, update to version 3.1.8 or later. For versions prior to 3.2.5, update to version 3.2.5 or later. As a temporary workaround, consider disabling the `rewrite ruri` function until a patch is available. Restrict access to configurations containing functions that make use of the affected code, such as the function `setport`, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenSIPS versions prior to 3.1.7 OpenSIPS versions prior to 3.2.4 **Description** OpenSIPS is a Session Initiation Protocol (SIP) server implementation. A specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function `parse param name()`. This issue was discovered while performing coverage guided fuzzing of the function `parse msg`. The AddressSanitizer identified that the issue occurred in the function `q memchr()` which is being called by the function `parse param name()`. This issue may cause erratic program behaviour or a server crash. It affects configurations containing functions that make use of the affected code, such as the function `www authorize()`. **Recommendations** For versions prior to 3.1.7, update to version 3.1.7 or later. For versions prior to 3.2.4, update to version 3.2.4 or later. As a temporary workaround, consider disabling the `www authorize()` function until a patch is available. Restrict access to configurations containing functions that make use of the affected code to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FreeSWITCH versions prior to 1.10.7 **Description** The issue allows remote attackers to terminate calls by flooding a media port handling SRTP traffic with specially crafted SRTP packets, leading to denial of service. This can be done continuously, denying encrypted calls during the attack. The call disconnection occurs due to a hard-coded threshold of 100 SRTP errors in the source file `switch rtp.c`. The attack does not require authentication or any special foothold in the caller's or the callee's network. This issue was reproduced in both SIP and WebRTC environments using the SDES and DTLS key exchange mechanisms, respectively. **Recommendations** For versions prior to 1.10.7, update to version 1.10.7 to resolve the issue. As a temporary workaround, consider restricting access to the `switch rtp.c` file or disabling the SRTP functionality until a patch is applied. Avoid using the SRTP protocol in sensitive environments until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 13.x through 13.37.0 Asterisk Open Source versions 16.x through 16.14.0 Asterisk Open Source versions 17.x through 17.8.0 Asterisk Open Source versions 18.x through 18.0.0 Certified Asterisk versions prior to 16.8-cert5 **Description** A crash in the res pjsip session module was discovered. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced, causing a gap between the creation of the dialog object and its next use. This gap allowed another thread to free the dialog, leading to a crash when the dialog object or its dependent objects were accessed. The crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS) for SIP transport and the remote client is authenticated or Asterisk is configured for anonymous calling. **Recommendations** For Asterisk Open Source versions 13.x through 13.37.0, update to version 13.37.1 or later. For Asterisk Open Source versions 16.x through 16.14.0, update to version 16.14.1 or later. For Asterisk Open Source versions 17.x through 17.8.0, update to version 17.8.1 or later. For Asterisk Open Source versions 18.x through 18.0.0, update to version 18.0.1 or later. For Certified Asterisk versions prior to 16.8-cert5, update to version 16.8-cert5 or later.

Name of the Vulnerable Software and Affected Versions: Coturn versions prior to 4.5.2 Description: The issue is related to incorrect input validation in Coturn, a free open source implementation of TURN and STUN Server. By sending a `CONNECT` request with the `XOR-PEER-ADDRESS` value of `0.0.0.0`, a malicious user can relay packets to the loopback interface, bypassing default access control protection. This can be achieved even when Coturn is listening on IPv6 by using either `[::1]` or `[::]` as the peer address. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. Recommendations: For Coturn versions prior to 4.5.2, update to version 4.5.2 or later to resolve the issue. As a temporary workaround, consider denying the addresses in the address block `0.0.0.0/8`, `[::1]`, and `[::]` by default unless `--allow-loopback-peers` has been specified. Additionally, administrators can specify `--denied-peer-ip=0.0.0.0` (or similar) to prevent malicious users from relaying packets to the loopback interface.

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 13.x through 13.15.0 Asterisk Open Source versions 14.x through 14.4.0 Certified Asterisk versions 13.13 through 13.13-cert3 **Description** The issue allows remote attackers to cause a denial of service, resulting in an out-of-bounds read and application crash, via a crafted packet. This is due to a problem in the multi-part body parser in PJSIP. **Recommendations** For Asterisk Open Source versions 13.x through 13.15.0, update to version 13.15.1 or later. For Asterisk Open Source versions 14.x through 14.4.0, update to version 14.4.1 or later. For Certified Asterisk versions 13.13 through 13.13-cert3, update to version 13.13-cert4 or later.