Diogo Hartmann

Name of the Vulnerable Software and Affected Versions: Asterisk versions 13.38.1 and earlier, 14.x, 15.x, 16.x through 16.16.0, 17.x through 17.9.1, and 18.x through 18.2.0 Certified Asterisk versions 16.8-cert5 and earlier Description: An issue in res pjsip session.c allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure in PJSIP. Recommendations: For Asterisk versions 13.38.1 and earlier, 14.x, 15.x, 16.x through 16.16.0, 17.x through 17.9.1, and 18.x through 18.2.0, update to a version that contains a fix for this issue. For Certified Asterisk versions 16.8-cert5 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the PJSIP module to minimize the risk of exploitation.