Digium · Asterisk · CVE-2019-18976
**Name of the Vulnerable Software and Affected Versions**
Asterisk versions prior to 13.21-x
Certified Asterisk versions prior to 13.21-x
**Description**
The issue is related to a null pointer dereference in the `res_pjsip_t38.c` component of Asterisk and Certified Asterisk systems. This can be exploited by a remote attacker to cause a denial of service. The vulnerability is triggered when the system receives a re-invite for T.38 faxing with a port of 0 and no c line in the SDP.
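For monitoring unpatched systems, the condition described above can be checked in captured SIP traffic. The following Python sketch is an added example, not code from the advisory or from Asterisk; the function names and sample messages are constructed for illustration, and it does not distinguish a re-INVITE from an initial INVITE.

```python
# Added example, not Asterisk code. Flags an INVITE whose SDP offers a T.38
# stream with port 0 while no c= line applies to it (the condition above).

def sdp_lines(sip_message: str) -> list:
    """Return the non-empty SDP body lines of a SIP message."""
    text = sip_message.replace("\r\n", "\n")
    _, sep, body = text.partition("\n\n")
    return [ln.strip() for ln in body.split("\n") if ln.strip()] if sep else []

def t38_port0_without_c(sip_message: str) -> list:
    """Return m= lines for T.38 streams with port 0 and no c= line in scope."""
    if not sip_message.lstrip().upper().startswith("INVITE "):
        return []
    session_c, media = False, []      # media entries: [m_line, has_own_c]
    for ln in sdp_lines(sip_message):
        if ln.startswith("m="):
            media.append([ln, False])
        elif ln.startswith("c="):
            if media:
                media[-1][1] = True   # media-level c= line
            else:
                session_c = True      # session-level c= line
    hits = []
    for m_line, own_c in media:
        fields = m_line[2:].split()
        if len(fields) < 4:
            continue                  # malformed m= line, outside this check
        kind, port, fmts = fields[0].lower(), fields[1].split("/")[0], fields[3:]
        is_t38 = kind == "image" and "t38" in (f.lower() for f in fmts)
        if is_t38 and port == "0" and not (own_c or session_c):
            hits.append(m_line)
    return hits

# Constructed sample messages (documentation addresses, made-up Call-ID).
_HEAD = ("INVITE sip:100@192.0.2.10 SIP/2.0\r\nCall-ID: constructed-1\r\n"
         "CSeq: 2 INVITE\r\nContent-Type: application/sdp\r\n\r\n"
         "v=0\r\no=- 1 2 IN IP4 192.0.2.20\r\ns=-\r\n")
SUSPICIOUS = _HEAD + "t=0 0\r\nm=image 0 udptl t38\r\n"
BENIGN = _HEAD + "c=IN IP4 192.0.2.20\r\nt=0 0\r\nm=image 4000 udptl t38\r\n"
REJECTED_WITH_C = _HEAD + "c=IN IP4 192.0.2.20\r\nt=0 0\r\nm=image 0 udptl t38\r\n"

if __name__ == "__main__":
    for name in ("SUSPICIOUS", "BENIGN", "REJECTED_WITH_C"):
        print(name, t38_port0_without_c(globals()[name]))
```

A T.38 stream declined with port 0 is ordinary SDP when a `c=` line is present, so only the combination of port 0 and a missing `c=` line is flagged.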
**Recommendations**
For Asterisk versions prior to 13.21-x, update to version 13.21-x or later to resolve the issue.
For Certified Asterisk versions prior to 13.21-x, update to version 13.21-x or later to resolve the issue.
As a temporary workaround, consider restricting access to the `res_pjsip_t38.c` component until a patch is available.