# Denial of Service

- [SIPGO: Response DoS vulnerability via nil pointer dereference](/advisories/ES2025-02-sipgo-response-dos.md) (2025-12-17)
- [Sandro talks RTC Security with Safety Detectives](/blog/sandro-talks-rtc-security-with-safetydetectives.md) (2025-08-06)
- [Rtpengine RTP Injection and Media Bleed Vulnerabilities (CVE-2025-53399)](/blog/rtpengine-critical-security-advisory-cve-2025-53399.md) (2025-07-31)
- [New White Paper: DTLS "ClientHello" Race Conditions in WebRTC Implementations](/blog/webrtc-hello-race-conditions-paper.md) (2024-10-15)
- [A Novel DoS Vulnerability affecting WebRTC Media Servers](/blog/novel-dos-vulnerability-affecting-webrtc-media-servers.md) (2024-06-25)
- [FreeSWITCH: denial of service via DTLS Hello packets during call initiation](/advisories/ES2023-02-freeswitch-dtls-hello-race.md) (2023-12-22)
- [Asterisk: denial of service via DTLS Hello packets during call initiation](/advisories/ES2023-01-asterisk-dtls-hello-race.md) (2023-12-15)
- [rtpengine: denial of service via DTLS Hello packets during call initiation](/advisories/ES2023-03-rtpengine-dtls-hello-race.md) (2023-12-15)
- [OpenSIPS Security Audit Report is fully disclosed and out there](/blog/opensips-security-audit-report.md) (2023-03-17)
- [How to perform a DDoS attack simulation](/blog/how-to-perform-ddos-simulation.md) (2022-11-29)
- [Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms](/blog/exploiting-cve-2022-0778-in-openssl-vs-webrtc-platforms.md) (2022-04-08)
- [Killing bugs ... one vulnerability report at a time](/blog/killing-bugs-one-vulnerability-report-at-a-time.md) (2021-10-29)
- [ClueCon: FreeSWITCH Security Advisories](/blog/freeswitch-advisories-presentation.md) (2021-10-25)
- [FreeSWITCH: denial of service via invalid SRTP packets](/advisories/ES2021-09-freeswitch-srtp-dos.md) (2021-10-25)
- [FreeSWITCH: denial of service via SIP flooding](/advisories/ES2021-06-freeswitch-flood-dos.md) (2021-10-25)
- [Why volumetric DDoS cripples VoIP providers and what we see during pentesting](/blog/how-i-learned-to-stop-worrying-and-love-the-flood.md) (2021-10-13)
- [Massive DDoS attacks on VoIP Providers and simulated DDoS testing](/blog/massive-ddos-and-simulated-attacks.md) (2021-09-24)
- [DEMO - An overview of the VoIP and RTC offensive security toolset, SIPVicious PRO](/blog/an-overview-of-the-voip-and-rtc-offensive-security-toolset-sipvicious-pro.md) (2021-05-25)
- [TADSummit Asia 2021 talk about SIPVicious Pro and the Demo Server](/blog/tadsummit-asia-2021-introducing-sipvicious-pro-and-the-demo-server.md) (2021-05-18)
- [VoIPmonitor: buffer overflow in live sniffer](/advisories/ES2021-03-voipmonitor-livesniffer-buffer-overflow.md) (2021-03-15)
- [VoIPmonitor: static builds lack memory corruption protections](/advisories/ES2021-04-voipmonitor-staticbuild-memory-corruption-protection.md) (2021-03-15)
- [sngrep: buffer overflow via malformed SDP media type](/advisories/ES2020-03-sngrep-malformed-media-type.md) (2020-11-20)
- [sngrep: stack overflow via malformed SDP connection address](/advisories/ES2020-04-sngrep-malformed-connection-address.md) (2020-11-20)
- [How doing QA testing for SIPVicious PRO led to an Asterisk DoS](/blog/asterisk-tcp-crash.md) (2020-11-10)
- [Asterisk: crash via INVITE flood over TCP](/advisories/ES2020-02-asterisk-tcp-invite-crash.md) (2020-11-06)
- [Kamailio: off-by-one heap overflow](/advisories/ES2018-05-kamailio-heap-overflow.md) (2018-03-19)
- [Asterisk PJSIP: crash via invalid SDP fmtp attribute](/advisories/ES2018-02-asterisk-pjsip-sdp-invalid-fmtp-segfault.md) (2018-02-22)
- [Asterisk PJSIP: crash via invalid SDP media format description](/advisories/ES2018-03-asterisk-pjsip-sdp-invalid-media-format-description-segfault.md) (2018-02-22)
- [Asterisk PJSIP: crash via repeated INVITE messages over TCP/TLS](/advisories/ES2018-04-asterisk-pjsip-tcp-segfault.md) (2018-02-22)
- [Asterisk PJSIP: stack corruption via large Accept header in SUBSCRIBE](/advisories/ES2018-01-asterisk-pjsip-subscribe-stack-corruption.md) (2018-02-22)
- [Asterisk PJSIP: out-of-bound memory access in multipart parser](/advisories/ES2017-02-asterisk-pjsip-multi-part-crash.md) (2017-05-23)
- [Asterisk Skinny: memory exhaustion denial of service](/advisories/ES2017-03-asterisk-chan-skinny-crash.md) (2017-05-23)