Matthew Nicholson

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 1.4.x through 1.4.39.1 Asterisk Open Source versions 1.6.1.x through 1.6.1.21 Asterisk Open Source versions 1.6.2.x through 1.6.2.16.1 Asterisk Open Source versions 1.8.x through 1.8.2.3 Asterisk Business Edition C.x.x through C.3.6.2 AsteriskNOW version 1.5 s800i (Asterisk Appliance) **Description** The issue is caused by multiple stack-based and heap-based buffer overflows in the `decode open type` and `udptl rx packet` functions in `main/udptl.c`, which can be exploited by remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet when T.38 support is enabled. **Recommendations** For Asterisk Open Source versions 1.4.x through 1.4.39.1, update to version 1.4.39.2 or later. For Asterisk Open Source versions 1.6.1.x through 1.6.1.21, update to version 1.6.1.22 or later. For Asterisk Open Source versions 1.6.2.x through 1.6.2.16.1, update to version 1.6.2.16.2 or later. For Asterisk Open Source versions 1.8.x through 1.8.2.3, update to version 1.8.2.4 or later. For Asterisk Business Edition C.x.x through C.3.6.2, update to version C.3.6.3 or later. For AsteriskNOW version 1.5, consider upgrading to a newer version. For s800i (Asterisk Appliance), update to a patched version or apply the recommended fix.