Richard Mudgett discovered that Asterisk did not properly check the length
of input string when setting the user field for PartyB on a CDR. A remote
attacker could use this vulnerability to cause a denial of service (crash)
or potentially execute arbitrary code. (CVE-2017-16671)
Alex Villacis Lasso discovered that Asterisk did not properly check the
length of input string when setting the user field for PartyA on a CDR. A
remote attacker could use this vulnerability to cause a denial of service
(crash) or potentially execute arbitrary code. (CVE-2017-7617)