In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.
Stabilization for version 11.25.3 will be done in bug 629682.
Added to an existing GLSA request.
Gentoo Security Padawan
This issue was resolved and addressed in
GLSA 201710-29 at https://security.gentoo.org/glsa/201710-29
by GLSA coordinator Aaron Bauman (b-man).