AST-2017-011: Memory leak in pjsip session resource Nov 08 2017 07:16PM
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2017-011

Product Asterisk
Summary Memory leak in pjsip session resource
Nature of Advisory Memory leak
Susceptibility Remote Sessions
Severity Minor
Exploits Known No
Reported On October 15, 2017
Reported By Correy Farrell
Posted On
Last Updated On October 19, 2017
Advisory Contact kharwell AT digium DOT com
CVE Name

Description A memory leak occurs when an Asterisk pjsip session object
is created and that call gets rejected before the session
itself is fully established. When this happens the session
object never gets destroyed.

Resolution Asterisk now releases the session object and all associated
memory when a call gets rejected.

Affected Versions
Product Release
Asterisk Open Source 13.x 13.5.0+
Asterisk Open Source 14.x All Releases
Asterisk Open Source 15.x All Releases
Certified Asterisk 13.13 All Releases

Corrected In
Product Release
Asterisk Open Source 13.18.1, 14.7.1, 15.1.1
Certified Asterisk 13.13-cert7

SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2017-011-13.diff Asterisk
http://downloads.asterisk.org/pub/security/AST-2017-011-14.diff Asterisk
http://downloads.asterisk.org/pub/security/AST-2017-011-15.diff Asterisk
http://downloads.asterisk.org/pub/security/AST-2017-011-13.13.diff Certified

Links https://issues.asterisk.org/jira/browse/ASTERISK-27345

Asterisk Project Security Advisories are posted at

This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2017-011.pdf and

Revision History
Date Editor Revisions Made
October 19, 2017 Kevin Harwell Initial Revision

Asterisk Project Security Advisory - AST-2017-011
Copyright (c) 2017 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus