Asterisk is "an open source telephony engine and toolkit. Asterisk implements the Session Initiation Protocol (SIP)". The Mu Security Research team has found two security issues in the SDP parser in Asterisk 1.4.18. One is an invalid write to an attacker-controllable, almost arbitrary memory location and the other is a stack buffer overflow with limited attacker-controllable values.

http://www.securiteam.com/unixfocus/5KP0A2KNQC.html