Friday, November 6, 2020
Asterisk Project Security Advisory - AST-2020-002
advisory
In: advisory
Asterisk Project Security Advisory - If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. Asterisk Project Security Advisory - AST-2020-002