Etienne Lessard

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 11.x through 11.23.0 Asterisk Open Source versions 13.x through 13.11.0 Certified Asterisk versions 11.6 through 11.6-cert14 Certified Asterisk versions 13.8 through 13.8-cert2 **Description** The issue allows remote attackers to cause a denial of service, specifically port exhaustion, by exploiting the `chain sip` component. **Recommendations** For Asterisk Open Source versions 11.x through 11.23.0, update to version 11.23.1 or later. For Asterisk Open Source versions 13.x through 13.11.0, update to version 13.11.1 or later. For Certified Asterisk versions 11.6 through 11.6-cert14, update to version 11.6-cert15 or later. For Certified Asterisk versions 13.8 through 13.8-cert2, update to version 13.8-cert3 or later.