Sébastien Duthil

**Name of the Vulnerable Software and Affected Versions** Asterisk versions 15.x through 15.2.1 **Description** A NULL pointer access issue was discovered in the RTP support of Asterisk. The issue arises when an RTP packet is received and the internal registry of dynamic codecs and desired payload numbers is consulted. If the payload number corresponds to a codec of a different type than the RTP stream, a crash can occur if no stream of that type has been negotiated. This is due to the code incorrectly assuming that a stream of that type would always exist. **Recommendations** For Asterisk versions 15.x through 15.2.1, update to a version that contains a fix for this issue to prevent potential crashes.