Gmza

**Name of the Vulnerable Software and Affected Versions** Sangoma Asterisk versions 16.x through 16.16.0 Sangoma Asterisk versions 17.x through 17.9.1 Sangoma Asterisk versions 18.x through 18.2.0 Certified Asterisk versions prior to 16.8-cert6 **Description** An issue was discovered in Sangoma Asterisk. When re-negotiating for T.38, if the initial remote response was delayed, Asterisk would send both audio and T.38 in the SDP. If this happened and the remote responded with a declined T.38 stream, then Asterisk would crash. **Recommendations** For Sangoma Asterisk versions 16.x through 16.16.0, update to version 16.16.1 or later. For Sangoma Asterisk versions 17.x through 17.9.1, update to version 17.9.2 or later. For Sangoma Asterisk versions 18.x through 18.2.0, update to version 18.2.1 or later. For Certified Asterisk versions prior to 16.8-cert6, update to version 16.8-cert6 or later.