If an incoming SIP message contains a malformed multi-part body, an out-of-bounds read access may occur, which can result in undefined behavior. Note that it is currently uncertain whether there is any externally exploitable vector within Asterisk for this issue, but it is being reported as a security issue out of caution.
97b8999a7c776bc25667d248af8128d9089bb735a74f21b5e8602a90fb5d57dc
When acting as a UAC, and when placing an outgoing call to a target that then forks, Asterisk may experience undefined behavior after a dialog set is prematurely freed.
caf0098653c4aa078aff32dd6a697ddb405273dec27531e5365356d26193b7fe
The header length on incoming STUN messages that contain an ERROR-CODE attribute is not properly checked. This can result in an integer underflow. Note, this requires ICE or WebRTC support to be in use with a malicious remote party.
b4d958ee6e32f6f622c4ae3b0cd99a1c00dcde4578e8d8eca299633634cfec4c