Christoph Hebeisen

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions prior to 10.5.1 **Description** The issue allows remote authenticated users to cause a denial of service, resulting in a daemon crash due to a NULL pointer dereference. This occurs when a Station Key Pad Button message is sent and a connection is closed in off-hook mode. **Recommendations** For versions prior to 10.5.1, update to version 10.5.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 1.8.x through 1.8.12.0 Asterisk Open Source versions 10.x through 10.4.0 Certified Asterisk versions 1.8.11-cert through 1.8.11-cert1 **Description** The issue allows remote authenticated users to cause a denial of service, resulting in a NULL pointer dereference and daemon crash, by closing a connection in off-hook mode. This is due to a problem in the chan skinny.c file within the Skinny channel driver. **Recommendations** For Asterisk Open Source versions 1.8.x through 1.8.12.0, update to version 1.8.12.1 or later. For Asterisk Open Source versions 10.x through 10.4.0, update to version 10.4.1 or later. For Certified Asterisk versions 1.8.11-cert through 1.8.11-cert1, update to version 1.8.11-cert2 or later.