Catalin Sanda

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 1.8.x through 1.8.8.1 Asterisk Open Source versions 10.x through 10.0.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by sending a crafted SDP message with a crypto attribute and a video or text media type. This can be exploited when the res srtp module is used and media support is improperly configured. **Recommendations** For Asterisk Open Source versions 1.8.x through 1.8.8.1, update to version 1.8.8.2 or later. For Asterisk Open Source versions 10.x through 10.0.0, update to version 10.0.1 or later.