The Mu Security Research team has found two security issues in the SDP parser in Asterisk 1.4.18. One is an invalid write to an attacker-controllable, almost arbitrary memory location and the other is a stack buffer overflow with limited attacker-controllable values.
22b9f55626db7117f3ba9d0b616eac257212d9c93020ffbcecfcfa095604f614
Asterisk Project Security Advisory - Two buffer overflows exist in the RTP payload handling code of Asterisk. Both overflows can be caused by an INVITE or any other SIP packet with SDP. The request may need to be authenticated depending on configuration of the Asterisk installation.
7af0f5f8834e1ec6cfc12a2131ca26a0a7c955b7d3cc5c93dab300406251ab4b