Kristijan Vrban

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 1.6.2.x through 1.6.2.20 Asterisk Open Source versions 1.8.x through 1.8.7.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by sending a crafted sequence of SIP requests when automon is enabled. This is due to a NULL pointer dereference in the `handle request info` function. **Recommendations** For Asterisk Open Source versions 1.6.2.x through 1.6.2.20, update to version 1.6.2.21 or later. For Asterisk Open Source versions 1.8.x through 1.8.7.1, update to version 1.8.7.2 or later.