There is a remotely exploitable stack buffer overflow in HTTP digest authentication handling in Asterisk. This vulnerability includes the possibility of code execution with plenty of stack space for inserting custom code to run. I wrote an example exploit to verify that the vulnerability and confirmed it against the latest code in the 1.8 branch.
The offending code is in main/utils.c, ast_parse_digest().
Note that the only user of ast_parse_digest appears to be HTTP AMI.
chan_sip has its own method to parse digests that does not appear to have this vulnerability.