CVE-2014-8416

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 12.x through 12.7.0 Asterisk Open Source versions 13.x through 13.0.0

Description The issue is related to a use-after-free vulnerability in the PJSIP channel driver. This vulnerability can be triggered by an in-dialog INVITE with Replaces message, causing the channel to be hung up and resulting in a denial of service (crash). The res pjsip refer module is involved in this issue.

Recommendations For Asterisk Open Source versions 12.x through 12.7.0, update to version 12.7.1 or later. For Asterisk Open Source versions 13.x through 13.0.0, update to version 13.0.1 or later.