Leif Madsen

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 1.8.x through 1.8.19.0 Asterisk Open Source versions 10.x through 10.11.0 Asterisk Open Source versions 11.x through 11.1.1 Certified Asterisk version 1.8.11 before 1.8.11-cert10 Asterisk Digiumphones versions 10.x-digiumphones through 10.11.0-digiumphones **Description** The issue allows remote attackers to cause a denial of service by making anonymous calls from multiple sources, resulting in excessive resource consumption due to the addition of many entries to the device state cache when anonymous calls are enabled. **Recommendations** For Asterisk Open Source versions 1.8.x through 1.8.19.0, update to version 1.8.19.1 or later. For Asterisk Open Source versions 10.x through 10.11.0, update to version 10.11.1 or later. For Asterisk Open Source versions 11.x through 11.1.1, update to version 11.1.2 or later. For Certified Asterisk version 1.8.11 before 1.8.11-cert10, update to 1.8.11-cert10 or later. For Asterisk Digiumphones versions 10.x-digiumphones through 10.11.0-digiumphones, update to version 10.11.1-digiumphones or later.