CVE-2014-8414

Name of the Vulnerable Software and Affected Versions Asterisk versions 11.x through 11.14.0 Asterisk Certified versions 11.6 through 11.6-cert7

Description The issue allows remote attackers to cause a denial of service, resulting in channel hang and memory consumption. This occurs when state changes are not properly handled, causing transitions to be delayed and triggering a state change from hung up to waiting for media.

Recommendations For Asterisk versions 11.x through 11.14.0, update to version 11.14.1 or later. For Asterisk Certified versions 11.6 through 11.6-cert7, update to version 11.6-cert8 or later.