chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x prior to 1.8.7.1 and 10.x prior to 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
asterisk open source 10.0.0 |
||
asterisk open source 1.8.7 |