Red Hat Bugzilla – Bug 688678
CVE-2011-1175 asterisk: DoS in TCP/TLS server due to NULL ptr deref (AST-2011-004)
Last modified: 2011-05-16 17:27:00 EDT
AST-2011-004  describes a remote crash vulnerability in the Asterisk TCP/TLS server. If a remote, unauthenticated, attacker were to rapidly open and close TCP connections to services using the ast_tcptls_* API, they could cause Asterisk to crash after dereferencing a NULL pointer. This flaw affects 1.6.2.x and 1.8.x, and is corrected in 18.104.22.168.1 and 22.214.171.124.
This is assigned CVE-2011-1175.
This is corrected via these builds that have the fixes from upstream: