N/A

An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs.

N/A

N/A

Digium Asterisk Open Source 安全漏洞

Digium Asterisk Open Source是美国Digium公司的一套开源的电话交换机（PBX）系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。 Digium Asterisk Open Source中存在安全漏洞。攻击者可利用该漏洞造成拒绝服务。以下版本受到影响：Asterisk Open Source 13.12.x版本，13.13.1之前的13.13.x版本，14.2.1之前的14.x版本。

N/A

N/A