What can we help you find?

Security Advisories

Stay up to date with the latest security advisories for the Asterisk Project.

Asterisk 13.18.4, 14.7.4, 15.1.4 and Certified Asterisk 13, 13-cert9 Now Available

Dec 13, 2017

The Asterisk Development Team has announced security releases for
Certified Asterisk 13.13 and Asterisk 13, 14 and 15.  The available
security releases are released as versions 13.13-cert9, 13.18.4,
14.7.4 and 15.1.4.

These releases are available for immediate download at

The release of these versions resolves the following security

* AST-2017-012: Remote Crash Vulnerability in RTCP Stack
  If a compound RTCP packet is received containing more than
  one report (for example a Receiver Report and a Sender
  Report) the RTCP stack will incorrectly store report
  information outside of allocated memory potentially causing
  a crash.

For a full list of changes in the current releases, please see the

The security advisories are available at:

Thank you for your continued support of Asterisk


AST-2017-013: DOS Vulnerability in Asterisk chan_skinny

Dec 1, 2017

AST-2017-011: Memory leak in pjsip session resource

Nov 8, 2017

AST-2017-010: Buffer overflow in CDR's set user

Nov 8, 2017

AST-2017-009: Buffer overflow in pjproject header parsing can cause crash in Asterisk

Nov 8, 2017


Subscribe to