N/A

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.

N/A

N/A

Digium Asterisk Open Source和Certified Asterisk 输入验证漏洞

Digium Asterisk是美国Digium公司的一套开源的电话交换机（PBX）系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。 Asterisk Open Source和Certified Asterisk的channels/chan_sip.c文件中存在安全漏洞。远程攻击者可发送带有畸形或无效值的Session-Expires或Min-SE头的INVITE请求利用该漏洞造成拒绝服务（Channel和文件描述符消耗）。以下版本受到影响：Asterisk Open Source

N/A

N/A