asterisk -- multiple vulnerabilities
The Asterisk project reports:
AST-2018-004 - When processing a SUBSCRIBE request the
res_pjsip_pubsub module stores the accepted formats present
in the Accept headers of the request. This code did not
limit the number of headers it processed despite having
a fixed limit of 32. If more than 32 Accept headers were
present the code would write outside of its memory and
cause a crash.
AST-2018-005 - A crash occurs when a number of
authenticated INVITE messages are sent over TCP or TLS
and then the connection is suddenly closed. This issue
leads to a segmentation fault.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright