Jaredmauch

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 1.8.x through 1.8.4.2 **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by sending a SIP packet with a Contact header that lacks a < character. This is due to a NULL pointer dereference in the SIP channel driver. **Recommendations** For Asterisk Open Source versions 1.8.x through 1.8.4.2, update to version 1.8.4.3 or later to resolve the issue.