Berni

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 13.x through 13.14.0 Asterisk Open Source versions 14.x through 14.3.0 Certified Asterisk versions 13.13 through 13.13-cert2 **Description** Remote code execution can occur due to a buffer overflow in a CDR user field, related to `X-ClientCode` in `chan sip`, the CDR dialplan function, and the AMI `Monitor` action. **Recommendations** For Asterisk Open Source versions 13.x through 13.14.0, update to version 13.14.1 or later. For Asterisk Open Source versions 14.x through 14.3.0, update to version 14.3.1 or later. For Certified Asterisk versions 13.13 through 13.13-cert2, update to version 13.13-cert3 or later.