Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP
request that is handled by Asterisk with a large number of Cookie
headers could overflow the stack. You could even exhaust memory if you
sent an unlimited number of headers in the request.
Denial of Service Through File Descriptor Exhaustion with chan_sip
Session-Timers. An attacker can use all available file descriptors
using SIP INVITE requests. Asterisk will respond with code 400, 420,
or 422 for INVITEs meeting this criteria.
Each INVITE meeting these conditions will leak a channel and several
file descriptors. The file descriptors cannot be released without
restarting Asterisk which may allow intrusion detection systems to be
bypassed by sending the requests slowly.
Remote Crash Vulnerability in PJSIP channel driver. A remotely
exploitable crash vulnerability exists in the PJSIP channel driver if
the "qualify_frequency" configuration option is enabled on an AOR and
the remote SIP server challenges for authentication of the resulting
OPTIONS request. The response handling code wrongly assumes that a
PJSIP endpoint will always be associated with an outgoing request which
is incorrect.