N/A

PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.

N/A

N/A

Digium Asterisk Open Source和Certified Asterisk 缓冲区错误漏洞

Digium Asterisk Open Source和Certified Asterisk都是美国Digium公司的开源电话交换机（PBX）系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。PJSIP是其中的一个多媒体通信库。multi-part body parser是其中的一个解析器。 Digium Asterisk Open Source和Certified Asterisk中使用的PJSIP存在安全漏洞。远程攻击者可借助特制的SIP数据包利用该漏洞造成拒绝服务（缓冲区溢出和

N/A

N/A