Asterisk Project Security Advisory – The IAX2 protocol uses a call number to associate each message with the call it belongs to. The protocol defines the call number field in messages as a fixed-size 15-bit field, so once all call numbers are in use, no additional sessions can be handled. A call number is created at the start of an IAX2 message exchange, so an attacker can consume the call number space by sending a large number of messages. The attack also works with spoofed source IP addresses, because no handshake is required before a call number is assigned.
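The following model is an added example, not Asterisk code and not part of the advisory: it allocates from a 15-bit call number space on the first message of an exchange and shows why a per-source cap alone does not protect the pool when the claimed source address is never verified. The names `pool_init`, `pool_alloc`, `pool_release` and `simulate`, the cap of 16, the 16-bit source ids and the choice to leave call number 0 unused are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define CALLNO_MAX 32767u  /* largest value a 15-bit field holds; 0 unused here (assumption) */
#define SRC_SLOTS  65536u  /* model: sources are ids 0..65535 (assumption) */

struct pool {
    uint16_t free_stack[CALLNO_MAX];  /* call numbers not yet assigned */
    uint16_t owner[CALLNO_MAX + 1];   /* source id holding each call number */
    uint16_t per_src[SRC_SLOTS];      /* call numbers currently held per source */
    unsigned free_top, per_src_limit; /* per_src_limit 0 = no per-source cap */
};

void pool_init(struct pool *p, unsigned per_src_limit) {
    for (unsigned i = 0; i < SRC_SLOTS; i++) p->per_src[i] = 0;
    for (unsigned i = 0; i < CALLNO_MAX; i++) p->free_stack[i] = (uint16_t)(CALLNO_MAX - i);
    p->free_top = CALLNO_MAX;
    p->per_src_limit = per_src_limit;
}

/* First message of a new exchange: a call number is assigned immediately,
 * before anything proves the claimed source is real. Returns -1 if refused. */
int pool_alloc(struct pool *p, uint16_t src) {
    if (p->per_src_limit && p->per_src[src] >= p->per_src_limit) return -1;
    if (p->free_top == 0) return -1;  /* call number space exhausted */
    uint16_t n = p->free_stack[--p->free_top];
    p->owner[n] = src;
    p->per_src[src]++;
    return n;
}

void pool_release(struct pool *p, uint16_t callno) {  /* callno must come from pool_alloc */
    p->per_src[p->owner[callno]]--;
    p->free_stack[p->free_top++] = callno;
}

/* Model `msgs` first messages from `distinct` claimed sources; returns call numbers left free. */
unsigned simulate(unsigned per_src_limit, unsigned msgs, unsigned distinct) {
    static struct pool p;
    pool_init(&p, per_src_limit);
    for (unsigned k = 0; k < msgs; k++) pool_alloc(&p, (uint16_t)(k % distinct));
    return p.free_top;
}

int main(void) {
    printf("no cap, 1 claimed source:     %u free\n", simulate(0, 40000, 1));
    printf("cap 16, 1 claimed source:     %u free\n", simulate(16, 40000, 1));
    printf("cap 16, 4096 claimed sources: %u free\n", simulate(16, 40000, 4096));
    return 0;
}
```

The third case leaves nothing free even with the cap in place, which is the consequence of assigning call numbers before any handshake confirms the source.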
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/80978/AST-2009-006.txt
Source: https://packetstormsecurity.com/files/80978/Asterisk-Project-Security-Advisory-AST-2009-006.html