Francesco Castellano

#47947de 53,638
5.3 CVSS total
Vulnerabilities · 1
PT-2019-13165
5.3
2019-07-12
Sangoma · Asterisk · CVE-2019-13161
**Name of the Vulnerable Software and Affected Versions**

Asterisk Open Source versions 13.27.0 and earlier, 14.x, 15.x through 15.7.2, and 16.x through 16.4.0; Certified Asterisk version 13.21-cert3.

**Description**

An issue allows an attacker to crash Asterisk when it handles an SDP answer to an outgoing T.38 re-invite. To exploit this, the attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker sends an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec that is not permitted by the chan_sip configuration.

**Recommendations**

For Asterisk Open Source versions 13.27.0 and earlier, 14.x, 15.x through 15.7.2, and 16.x through 16.4.0, update to a version that contains a fix for this issue. For Certified Asterisk version 13.21-cert3, update to a version that contains a fix for this issue.

As a temporary workaround, consider disabling the chan_sip module until a patch is available. Restrict which endpoints chan_sip sends T.38 re-invite requests to, in order to minimize the risk of exploitation. Until the issue is resolved, avoid chan_sip configurations in which an SDP answer containing both a T.38 UDPTL stream and another media stream with only a codec would be processed.