Asterisk Security Release 20.15.2

asteriskteam · August 28, 2025, 3:05pm

The Asterisk Development Team would like to announce security release
Asterisk 20.15.2.

The release artifacts are available for immediate download at

and

Repository: GitHub - asterisk/asterisk: The official Asterisk Project repository.
Tag: 20.15.2

Change Log for Release asterisk-20.15.2

Links:

Summary:

Commits: 1
Commit Authors: 1
Issues Resolved: 0
Security Advisories Resolved: 1
- GHSA-64qc-9x89-rx5j: A specifically malformed Authorization header in an incoming SIP request can cause Asterisk to crash

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

George Joseph: (1)

Issue and Commit Detail:

Closed Issues:

!GHSA-64qc-9x89-rx5j: A specifically malformed Authorization header in an incoming SIP request can cause Asterisk to crash

Commits By Author:

George Joseph (1):
- res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL.

Commit List:

res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL.

Commit Details:

res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL.

Author: George Joseph
Date: 2025-08-28

In the highly-unlikely event that get_authorization_hdr() couldn’t find an
Authorization header in a request, trying to get the digest algorithm
would cauase a SEGV. We now check that we have an auth header that matches
the realm before trying to get the algorithm from it.

Resolves: #GHSA-64qc-9x89-rx5j

Topic		Replies	Views
Asterisk Security Release 21.10.2 Asterisk News	2	12	August 28, 2025
Asterisk Security Release 22.5.2 Asterisk News	2	46	August 28, 2025
Asterisk 13.18.5, 14.7.5, 15.1.5 and 13.18-cert2 Now Available (Security) Asterisk News	2	1351	January 22, 2018
Asterisk 13.13-cert4, 13.15.1, 14.4.1 Now Available (Security Release) Asterisk	2	584	May 30, 2017
Malformed SIP Header crashing Asterisk - Opinion needed Asterisk Support	2	308	December 9, 2014