The vulnerability stems from two primary software weaknesses:
Set noload = res_resolver_unbound.so in your modules.conf file.
This vulnerability impacts several specific versions of Asterisk and Certified Asterisk: Versions prior to 18.24.3, 20.9.3, and 21.4.3. 42491 rar
The most effective way to protect your infrastructure is to to the patched versions listed above. If an immediate upgrade isn't possible, there are two common workarounds:
The system attempts to access a pointer that it expects to be valid but is actually NULL. If an immediate upgrade isn't possible, there are
Versions prior to 18.9-cert12 and 20.7-cert2. How to Secure Your System
At its core, CVE-2024-42491 is a critical flaw related to how Asterisk handles Session Initiation Protocol (SIP) requests. Specifically, if the res_resolver_unbound module is loaded and the system attempts to send a request to a URI with a host portion starting with .1 or [.1] , the system can suffer a segmentation fault (SEGV) and crash. The Technical "Why" If an immediate upgrade isn't possible
Set rewrite_contact = yes on all PJSIP endpoints. Final Thoughts