Ivan Poddubny

**Name of the Vulnerable Software and Affected Versions** Asterisk versions prior to 16.19.1 Asterisk versions prior to 18.5.1 **Description** The issue is related to the incorrect handling of a re-INVITE after a BYE request has been sent. This can be exploited by a remote attacker, allowing them to cause a denial of service. The exploitation requires a re-INVITE without SDP to be received after Asterisk has sent a BYE request. **Recommendations** For Asterisk versions prior to 16.19.1, update to version 16.19.1 or later. For Asterisk versions prior to 18.5.1, update to version 18.5.1 or later.

Name of the Vulnerable Software and Affected Versions: Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 Description: A buffer overflow in the `res pjsip diversion.c` file allows a remote attacker to crash Asterisk by deliberately misusing SIP 181 responses. Recommendations: For versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1, consider updating to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the `res pjsip diversion.c` module to minimize the risk of exploitation.