Lucas Molas

**Name of the Vulnerable Software and Affected Versions** ASN1C for C/C++ versions prior to 7.0.2 **Description** The issue is related to an integer overflow in the `rtxMemHeapAlloc` function within the `asn1rt a.lib` library of ASN1C for C/C++. This can be exploited by context-dependent attackers using crafted ASN.1 data to potentially execute arbitrary code or cause a denial of service through a heap-based buffer overflow on systems running applications compiled by ASN1C. **Recommendations** For versions prior to 7.0.2, update to version 7.0.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 1.8.x through 1.8.25, 11.8.x through 11.8.0, and 12.1.x through 12.1.0 Asterisk Open Source version 1.8.26.1 is not affected, but versions prior to it are Certified Asterisk versions 1.8.x through 1.8.15-cert4 and 11.6 through 11.6-cert1 **Description** The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers. **Recommendations** For Asterisk Open Source versions 1.8.x through 1.8.25, update to version 1.8.26.1 or later. For Asterisk Open Source versions 11.8.x through 11.8.0, update to version 11.8.1 or later. For Asterisk Open Source versions 12.1.x through 12.1.0, update to version 12.1.1 or later. For Certified Asterisk versions 1.8.x through 1.8.15-cert4, update to version 1.8.15-cert5 or later. For Certified Asterisk versions 11.6 through 11.6-cert1, update to version 11.6-cert2 or later.