Due to a signedness comparison mismatch, an authenticated WebRTC client could cause a stack overflow and Asterisk crash by sending multiple hold/unhold requests in quick succession.
514c38f88457c5adefa470f62cfa4733ee26d4eda6458c3b24c7bb21f2ec9701
An unauthenticated remote attacker could replay SRTP packets which could cause an Asterisk instance configured without strict RTP validation to tear down calls prematurely.
c6b2cb980ac1c471ada712a10083d5e4a2f109aa8638a11055f9f18afbbc09ab
If a registered user is tricked into dialing a malicious number that sends lots of 181 responses to Asterisk, each one will cause a 181 to be sent back to the original caller with an increasing number of entries in the ???Supported??? header. Eventually the number of entries in the header exceeds the size of the entry array and causes a crash.
2f45006a2c9afadddcf34831d258755849dc791b989f4dce2ef9bb09888bc8d9
Asterisk Project Security Advisory - A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.
fda4a6a55d938370b2cff51231d5b5cedb7a698db9552d692348f87f6dd26560