Ben Klang

**Name of the Vulnerable Software and Affected Versions** Asterisk versions 11.x through 11.14.0 Asterisk Certified versions 11.6 through 11.6-cert7 **Description** The issue allows remote attackers to cause a denial of service, resulting in channel hang and memory consumption. This occurs when state changes are not properly handled, causing transitions to be delayed and triggering a state change from hung up to waiting for media. **Recommendations** For Asterisk versions 11.x through 11.14.0, update to version 11.14.1 or later. For Asterisk Certified versions 11.6 through 11.6-cert7, update to version 11.6-cert8 or later.