PJProject has a limit on the number of TCP connections
that it can accept. Furthermore, PJProject does not close
TCP connections it accepts. By default, this value is
approximately 60.
An attacker can deplete the number of allowed TCP
connections by opening TCP connections and sending no
data to Asterisk.
If PJProject has been compiled in debug mode, then
once the number of allowed TCP connections has been
depleted, the next attempted TCP connection to Asterisk
will crash due to an assertion in PJProject.
If PJProject has not been compiled in debug mode, then
any further TCP connection attempts will be rejected.
This makes Asterisk unable to process TCP SIP traffic.
Note that this only affects TCP/TLS, since UDP is
connectionless.