Thomas Arimont

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 1.8.x through 1.8.11.0 Asterisk Open Source versions 10.x through 10.3.0 Asterisk Business Edition C.3.x through C.3.7.3 **Description** The issue allows remote authenticated users to cause a denial of service by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel, when the trustrpid option is enabled. **Recommendations** For Asterisk Open Source versions 1.8.x through 1.8.11.0, update to version 1.8.11.1 or later. For Asterisk Open Source versions 10.x through 10.3.0, update to version 10.3.1 or later. For Asterisk Business Edition C.3.x through C.3.7.3, update to version C.3.7.4 or later.