The Asterisk Development Team has announced security releases for Certified Asterisk
13.13 and Asterisk 13 and 14. The available security releases are released as versions 13.13-cert3, 13.14.1, and 14.3.1.
These releases are available for immediate download at
The release of these versions resolves the following security vulnerabilities:
* AST-2017-001: Buffer overflow in CDR’s set user
No size checking is done when setting the user field on a CDR. Thus,
it is possible for someone to use an arbitrarily large string and write past
the end of the user field storage buffer. This allows the possibility of remote
For a full list of changes in the current releases, please see the ChangeLogs:
The security advisories are available at:
Thank you for your continued support of Asterisk!