Philippe Lindheimer

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 11.x through 11.12.0 Asterisk Open Source versions 12.x through 12.4.0 Certified Asterisk versions 11.6 through 11.6-cert5 **Description** The issue allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application when using the res fax spandsp module. **Recommendations** For Asterisk Open Source versions 11.x through 11.12.0, update to version 11.12.1 or later. For Asterisk Open Source versions 12.x through 12.4.0, update to version 12.5.1 or later. For Certified Asterisk versions 11.6 through 11.6-cert5, update to version 11.6-cert6 or later.