vulnerability
FreeBSD: VID-5cb18881-7604-11e6-b362-001999f8d30b: asterisk -- RTP Resource Exhaustion
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:C/I:N/A:C) | Sep 8, 2016 | Dec 10, 2025 | Dec 10, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:C)
Published
Sep 8, 2016
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
The Asterisk project reports: The overlap dialing feature in chan_sip allows chan_sip to report to a device that the number that has been dialed is incomplete and more digits are required. If this functionality is used with a device that has performed username/password authentication RTP resources are leaked. This occurs because the code fails to release the old RTP resources before allocating new ones in this scenario. If all resources are used then RTP port exhaustion will occur and no RTP sessions are able to be set up. If overlap dialing support is not needed the "allowoverlap" option can be set to no. This will stop any usage of the scenario which causes the resource exhaustion.
Solutions
freebsd-upgrade-package-asterisk11freebsd-upgrade-package-asterisk13
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.