CVE-2016-2232

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 1.8.x through 11.21.1, 12.x, and 13.x through 13.7.1 Certified Asterisk versions 1.8.28, 11.6 through 11.6-cert12, and 13.1 through 13.1-cert3

Description The issue is related to errors in pointer handling, which can be exploited by remote authenticated users to cause a denial of service. This is achieved through a zero-length error correcting redundancy packet for a lost UDPTL FAX packet, resulting in an uninitialized pointer dereference and crash.

Recommendations For Asterisk Open Source versions 1.8.x through 11.21.1, update to version 11.21.1 or later. For Asterisk Open Source versions 12.x, update to version 13.7.1 or later. For Asterisk Open Source versions 13.x through 13.7.1, update to version 13.7.1 or later. For Certified Asterisk versions 1.8.28, update to version 11.6-cert12 or later. For Certified Asterisk versions 11.6 through 11.6-cert12, update to version 11.6-cert12 or later. For Certified Asterisk versions 13.1 through 13.1-cert3, update to version 13.1-cert3 or later.