Asterisk SIP Authorization Header Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Asterisk, the open-source private branch exchange (PBX) and telephony toolkit. It affects the 22, 21 and 20 release branches up to and including 22.5.1, 21.10.1 and 20.15.1. The flaw is in the 'res_pjsip_authenticator_digest' module, in the 'get_authorization_header()' function. When a SIP request carries an Authorization header whose realm does not match the realm Asterisk sent in the WWW-Authenticate header of its preceding 401 challenge, or when an Authorization header with a wrong realm arrives with no preceding 401 at all, the function returns NULL. The caller does not check for NULL before reading the digest algorithm out of the returned header, so it dereferences a null pointer, raises a segmentation fault and Asterisk crashes. Because the crash occurs before any credential is verified, a single unauthenticated SIP request with a mismatched realm is enough to trigger it.
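The pattern described above, reduced to a stand-alone model, as an added example that is not Asterisk code and does not reproduce the project's real functions. The names find_authorization_for_realm(), parse_param(), auth_algorithm_unchecked() and auth_algorithm_checked() are this example's own, the header list is a constructed stand-in for a parsed SIP message, and the realm and algorithm values are made up. It shows the lookup returning NULL on a realm mismatch, the unchecked caller that would dereference that NULL, and the checked caller that re-challenges instead.

```c
/* Added example, not Asterisk code: a stripped-down model of the
 * get_authorization_header() NULL-return hazard. All names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal stand-in for a parsed SIP header list: name/value pairs. */
struct sip_hdr {
    const char *name;
    const char *value;
};

/* Copy the value of one Digest parameter (quoted or bare) out of a header
 * value, e.g. realm="asterisk" -> "asterisk". Returns the length copied,
 * or 0 if the parameter is absent. */
static size_t parse_param(const char *hdr, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    const char *p = hdr;

    if (outlen == 0)
        return 0;
    while ((p = strstr(p, key)) != NULL) {
        /* Only accept the key at a parameter boundary and followed by '='. */
        if ((p == hdr || p[-1] == ' ' || p[-1] == ',') && p[klen] == '=') {
            size_t n = 0;
            int quoted;
            p += klen + 1;
            quoted = (*p == '"');
            if (quoted)
                p++;
            while (*p && n + 1 < outlen) {
                if (quoted ? *p == '"' : (*p == ',' || *p == ' '))
                    break;
                out[n++] = *p++;
            }
            out[n] = '\0';
            return n;
        }
        p += klen;
    }
    out[0] = '\0';
    return 0;
}

/* Model of get_authorization_header(): return the Authorization header whose
 * realm matches the realm we challenged with, or NULL when none does. A
 * request with a wrong realm, or one sent with no prior challenge, gets NULL. */
static const char *find_authorization_for_realm(const struct sip_hdr *hdrs, size_t n,
                                                const char *challenged_realm)
{
    char realm[64];
    size_t i;
    for (i = 0; i < n; i++) {
        if (strcmp(hdrs[i].name, "Authorization") != 0)
            continue;
        parse_param(hdrs[i].value, "realm", realm, sizeof realm);
        if (strcmp(realm, challenged_realm) == 0)
            return hdrs[i].value;
    }
    return NULL;
}

/* Vulnerable pattern: the lookup result goes straight into the parameter
 * parser, which dereferences it. With a mismatched realm this is a NULL
 * dereference and the process dies with SIGSEGV. */
static int auth_algorithm_unchecked(const struct sip_hdr *hdrs, size_t n,
                                    const char *challenged_realm, char *out, size_t outlen)
{
    const char *auth = find_authorization_for_realm(hdrs, n, challenged_realm);
    return (int)parse_param(auth, "algorithm", out, outlen); /* auth may be NULL */
}

/* Hardened pattern: a NULL result means "no usable credentials", so report
 * that the request must be re-challenged with 401 instead of touching it. */
enum auth_result { AUTH_OK = 200, AUTH_CHALLENGE = 401 };

static enum auth_result auth_algorithm_checked(const struct sip_hdr *hdrs, size_t n,
                                               const char *challenged_realm,
                                               char *out, size_t outlen)
{
    const char *auth = find_authorization_for_realm(hdrs, n, challenged_realm);
    if (auth == NULL) {
        if (outlen)
            out[0] = '\0';
        return AUTH_CHALLENGE;
    }
    if (parse_param(auth, "algorithm", out, outlen) == 0)
        snprintf(out, outlen, "MD5"); /* RFC 2617/7616 default when absent */
    return AUTH_OK;
}

int main(void)
{
    /* Constructed request: the UA was challenged for realm "asterisk" but
     * answers with realm "other". */
    struct sip_hdr bad[] = {
        { "Via", "SIP/2.0/UDP 203.0.113.5:5060;branch=z9hG4bK1" },
        { "Authorization", "Digest username=\"alice\", realm=\"other\", nonce=\"abc\", "
                           "uri=\"sip:pbx\", response=\"0\", algorithm=MD5" },
    };
    char algo[16];
    enum auth_result r = auth_algorithm_checked(bad, 2, "asterisk", algo, sizeof algo);
    printf("checked path: %d (re-challenge)\n", r);
    /* auth_algorithm_unchecked(bad, 2, "asterisk", algo, sizeof algo); would crash */
    return 0;
}
```

The fix is the NULL test in auth_algorithm_checked(); everything else is scaffolding so the two call paths can be compared on the same input.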

Impact

Exploitation crashes the Asterisk process, creating a denial-of-service condition: the PBX is unavailable until it is restarted, and the crash can be repeated for as long as the vulnerable version is reachable.

Remediation

Upgrade to Asterisk 22.5.2, 21.10.2 or 20.15.2 (or a later release on the same branch). Where an immediate upgrade is not possible, restricting which networks can reach the SIP listener reduces exposure but does not remove the flaw.
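A quick check of an installed version against the fixed releases above, as an added example that is not part of the advisory or of Asterisk. It assumes the version is read from the banner printed by `asterisk -rx 'core show version'` (which begins "Asterisk X.Y.Z built by ..."); the banner used below is constructed, not captured, and only the 20, 21 and 22 branches named in the advisory are covered.

```sh
#!/bin/sh
# Added example, not Asterisk code or part of the advisory.

# Pull "X.Y.Z" out of the `core show version` banner.
version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^Asterisk \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Exit 0 = vulnerable (older than the fixed release of its branch),
#      1 = at or past the fixed release,
#      2 = branch not covered by this check (assumed: only 20/21/22 are tracked here).
asterisk_is_vulnerable() {
    IFS=. read -r major minor patch <<EOF
$1
EOF
    minor=${minor:-0}
    patch=${patch:-0}
    case "$major" in
        20) fminor=15; fpatch=2 ;;
        21) fminor=10; fpatch=2 ;;
        22) fminor=5;  fpatch=2 ;;
        *)  return 2 ;;
    esac
    if [ "$minor" -lt "$fminor" ] || { [ "$minor" -eq "$fminor" ] && [ "$patch" -lt "$fpatch" ]; }; then
        return 0
    fi
    return 1
}

# Constructed banner standing in for live `asterisk -rx 'core show version'` output.
banner='Asterisk 22.5.1 built by root @ pbx on a x86_64 running Linux on 2025-08-01 10:00:00 UTC'
v=$(version_from_banner "$banner")
rc=0
asterisk_is_vulnerable "$v" || rc=$?
case "$rc" in
    0) echo "Asterisk $v: vulnerable, upgrade to the fixed release of this branch" ;;
    1) echo "Asterisk $v: at or past the fixed release" ;;
    *) echo "Asterisk $v: branch not covered by this check" ;;
esac
```

On a live system replace the constructed banner with `banner=$(asterisk -rx 'core show version')`; the comparison is purely numeric, so certified or otherwise non-numeric version strings fall into the "not covered" case rather than being misreported as fixed.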

Added: Aug 28, 2025, 4:17 PM
Updated: Aug 28, 2025, 4:17 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 2.5
exploitability: 8.4
remediation: 7.7
relevance: 0.4
threat: 3.2
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.