The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Asterisk | Asterisk | 1.2.14 | 1.2.14 |
Asterisk | Asterisk | 1.2.16 | 1.2.16 |
Asterisk | Asterisk | 1.2.15 | 1.2.15 |
Asterisk | Asterisk | 1.4.1 | 1.4.1 |