Bug#991931: CVE-2021-32686 / AST-2021-009: pjproject/pjsip: crash when SSL socket destroyed during handshake
Bernhard Schmidt
berni at debian.org
Fri Aug 6 09:02:53 BST 2021
Package: src:asterisk
Severity: serious
Tags: security upstream patch
https://downloads.asterisk.org/pub/security/AST-2021-009.html
Summary: pjproject/pjsip: crash when SSL socket destroyed during handshake
Nature of Advisory: Denial of service
Susceptibility: Remote unauthenticated sessions
Severity: Major
Exploits Known: Yes
Description
| Depending on the timing, it’s possible for Asterisk to crash when using a TLS
| connection if the underlying socket parent/listener gets destroyed during the
| handshake.
More information about the Pkg-voip-maintainers
mailing list