Asterisk 15.2.0 chan_pjsip SUBSCRIBE Stack Corruption

Asterisk running chan_pjsip suffers from a SUBSCRIBE message stack corruption vulnerability. Vulnerable versions include 15.2.0, 13.19.0, 14.7.5, and 13.11.2.

https://github.com/EnableSecurity/advisories/tree/master/ES2018-01-asterisk-pjsip-subscribe-stack-corruption

This vulnerability was discovered during an exercise with Sandro Gauci of Enable Security