Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x prior to 12.7.1 and 13.x prior to 13.0.1, when using the res_pjsip_refer module, allows remote malicious users to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
digium asterisk |