Asterisk Two Denial of Service Vulnerabilities
The vulnerabilities are reported in versions 1.8.x, 10.x, and 11.x.
Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).
A remote user can send specially crafted data to consume excessive resources on the target system. Systems configured to allow anonymous calls are affected. A remote authenticated user can also exploit this via HTTP and XMPP.
An error when handling TCP sessions can be exploited to cause a stack overflow and crash the service.
An error when handling device state caches can be exploited to consume excessive system resources.