AST-2019-005: Remote Crash Vulnerability in audio transcoding

Related Vulnerabilities: CVE-2019-15639  
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">AST-2019-005: Remote Crash Vulnerability in audio transcoding</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: "Asterisk Security Team" &lt;security () asterisk org&gt;


<em>Date</em>: Thu, 05 Sep 2019 09:49:59 -0500


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">               Asterisk Project Security Advisory - AST-2019-005

          Product         Asterisk                                            
          Summary         Remote Crash Vulnerability in audio transcoding     
     Nature of Advisory   Denial of Service                                   
       Susceptibility     Remote Unauthenticated Sessions                     
          Severity        Minor                                               
       Exploits Known     No                                                  
        Reported On       August 7, 2019                                      
        Reported By       Gregory Massel                                      
         Posted On        
      Last Updated On     August 26, 2019                                     
      Advisory Contact    Jcolp AT sangoma DOT com                            
          CVE Name        CVE-2019-15639                                      

      Description     When audio frames are given to the audio transcoding    
                      support in Asterisk, the number of samples is examined  
                      and, as part of this, a message is output to indicate   
                      that no samples are present. A change was made to       
                      suppress this message for a particular scenario in      
                      which the message was not relevant. This change         
                      assumed that information about the origin of a frame    
                      will always exist when in reality it may not.           
                                                                              
                      This issue presented itself when an RTP packet          
                      containing no audio (and thus no samples) was           
                      received. In a particular transcoding scenario this     
                      audio frame would get turned into a frame with no       
                      origin information. If this new frame was then given    
                      to the audio transcoding support a crash would occur    
                      as no samples and no origin information would be        
                      present. The transcoding scenario requires the          
                      “genericplc” option to be set to enabled (the default)  
                      and a transcoding path from the source format into      
                      signed linear and then from signed linear into another  
                      format.                                                 
                                                                              
                      Note that there may be other scenarios that have not    
                      been found which can cause an audio frame with no       
                      origin to be given to the audio transcoding support     
                      and thus cause a crash.                                 
    Modules Affected  main/translate.c                                        

    Resolution  The “genericplc” option can be disabled in codecs.conf to     
                mitigate the described scenario. It is recommended, however,  
                that Asterisk be upgraded to one of the listed versions or    
                the linked patch applied to protect against potential         
                unknown scenarios.                                            

                               Affected Versions
                 Product               Release Series  
          Asterisk Open Source              13.x       13.28.0                
          Asterisk Open Source              16.x       16.5.0                 

                                  Corrected In  
                     Product                              Release             
               Asterisk Open Source                       13.28.1             
               Asterisk Open Source                        16.5.1             

                                    Patches                        
                               SVN URL                              Revision  
   <a rel="nofollow" href="http://downloads.asterisk.org/pub/security/AST-2019-005-13.diff">http://downloads.asterisk.org/pub/security/AST-2019-005-13.diff</a> Asterisk 13
   <a rel="nofollow" href="http://downloads.asterisk.org/pub/security/AST-2019-005-16.diff">http://downloads.asterisk.org/pub/security/AST-2019-005-16.diff</a> Asterisk 16

       Links     <a rel="nofollow" href="https://issues.asterisk.org/jira/browse/ASTERISK-28499">https://issues.asterisk.org/jira/browse/ASTERISK-28499</a>       

    Asterisk Project Security Advisories are posted at                        
    <a rel="nofollow" href="http://www.asterisk.org/security">http://www.asterisk.org/security</a>                                          
                                                                              
    This document may be superseded by later versions; if so, the latest      
    version will be posted at                                                 
    <a rel="nofollow" href="http://downloads.digium.com/pub/security/AST-2019-005.pdf">http://downloads.digium.com/pub/security/AST-2019-005.pdf</a> and             
    <a rel="nofollow" href="http://downloads.digium.com/pub/security/AST-2019-005.html">http://downloads.digium.com/pub/security/AST-2019-005.html</a>                

                                Revision History
          Date                 Editor                  Revisions Made         
    August 26, 2019    Joshua Colp              Initial revision              

               Asterisk Project Security Advisory - AST-2019-005
               Copyright © 2019 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.
</pre><pre style="margin: 0em;">
_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a></pre>
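<p>The failure mode the advisory describes, as an added illustration in C: it is not code from Asterisk or from the AST-2019-005 patch, and every name in it (<code>struct frame</code>, <code>to_slin</code>, <code>examine_unsafe</code>, <code>examine_safe</code>, the <code>internal_probe</code> origin) is hypothetical. A conversion stage drops the origin label, and only the check that tests the pointer before comparing it copes with the resulting empty frame.</p>

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a media frame; not Asterisk's structure. */
struct frame {
    int samples;      /* number of audio samples carried */
    const char *src;  /* origin label; may legitimately be NULL */
};

/* Constructed origin name whose empty frames are expected and stay quiet. */
#define QUIET_ORIGIN "internal_probe"

enum verdict { PASS, WARN_NO_SAMPLES, QUIET_NO_SAMPLES };

/* Models a conversion stage that builds a new frame and carries over the
 * sample count but not the origin label. */
struct frame to_slin(const struct frame *in)
{
    struct frame out = { in->samples, NULL };
    return out;
}

/* Flawed check: assumes src is always set. An empty frame with src == NULL
 * reaches strcmp(NULL, ...), which is undefined behaviour (usually a crash). */
enum verdict examine_unsafe(const struct frame *f)
{
    if (f->samples == 0)
        return strcmp(f->src, QUIET_ORIGIN) == 0 ? QUIET_NO_SAMPLES : WARN_NO_SAMPLES;
    return PASS;
}

/* Hardened check: a missing origin is treated as "not the quiet origin". */
enum verdict examine_safe(const struct frame *f)
{
    if (f->samples == 0)
        return (f->src != NULL && strcmp(f->src, QUIET_ORIGIN) == 0)
                   ? QUIET_NO_SAMPLES : WARN_NO_SAMPLES;
    return PASS;
}

int main(void)
{
    struct frame rtp = { 0, "rtp" };    /* constructed: packet with no audio */
    struct frame slin = to_slin(&rtp);  /* origin lost, samples still 0 */
    printf("safe verdict: %d\n", examine_safe(&slin));
    return 0;
}
```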
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>