N/A

The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.

N/A

N/A

Digium Asterisk Open Source 输入验证漏洞

Digium Asterisk是美国Digium公司的一套开源的电话交换机（PBX）系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。 Digium Asterisk Open Source 12.1.1之前的12.x版本的PJSIP Channel驱动程序中存在安全漏洞。当‘qualify_frequency’配置选项设置为‘AOR’时，远程攻击者可利用该漏洞造成拒绝服务（崩溃）。

N/A

N/A