Yaron Nahum

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 12.x through 12.7.0 Asterisk Open Source versions 13.x through 13.0.0 **Description** A race condition exists in the chan pjsip channel driver, allowing remote attackers to cause a denial of service via a cancel request for a SIP session with a queued action to answer a session or send ringing. **Recommendations** For Asterisk Open Source versions 12.x through 12.7.0, update to version 12.7.1 or later. For Asterisk Open Source versions 13.x through 13.0.0, update to version 13.0.1 or later.