manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before
1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a
denial of service (CPU and memory consumption) via a series of manager
sessions involving invalid data.