Key information

Vulnerability ID: AST-2021-005
Product: Asterisk
Summary: Remote Crash Vulnerability in PJSIP channel driver
Nature of advisory: Denial of Service
Susceptibility: Remote Unauthenticated Sessions
Severity: Moderate
Exploits known: No
Reported on: December 4, 2020
Reported by: Mauri de Souza Meneguzzo (3CPlus)
Posted on: February 8, 2021
Last updated on: February 8, 2021
Advisory contact: Jcolp AT sangoma DOT com
CVE name: CVE-2021-26906

Description: A crash can occur when an outbound call is placed from Asterisk to a remote SIP server.

Modules affected: res_pjsip_session.c, PJSIP

Resolution: The issue has been resolved in PJSIP by changing the behavior of the pjmedia_sdp_neg_modify_local_offer2 function. The code no longer assumes that the SDP was negotiated successfully; it now checks whether the SDP has been negotiated.

Affected versions:
  Asterisk Open Source: All versions (13.x, 16.x, 17.x, 18.x)
  Certified Asterisk: All versions (16.x)

Corrected in:
  Asterisk Open Source: 13.38.2, 16.6.1, 17.9.2, 18.2.1
  Certified Asterisk: 16.8-cert6

Patches:
  AST-2021-005-13.diff (Asterisk 13)
  AST-2021-005-16.diff (Asterisk 16)
  AST-2021-005-17.diff (Asterisk 17)
  AST-2021-005-18.diff (Asterisk 18)
  AST-2021-005-16.8.diff (Certified Asterisk 16.8)

Links:
  ASTERISK-29196
  AST-2021-005.html