The PJSIP channel driver in Asterisk Open Source 12.x prior to 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote malicious users to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
digium asterisk 12.1.0 |
||
digium asterisk 12.0.0 |