Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2013-5642

Published: 09/09/2013 Updated: 12/09/2013
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Asterisk Digiumphones

Vulnerability Summary

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x prior to 1.8.23.1, 10.x prior to 10.12.3, and 11.x prior to 11.5.1; Certified Asterisk 1.8.15 prior to 1.8.15-cert3 and 11.2 prior to 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones prior to 10.12.3-digiumphones allows remote malicious users to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.

Vulnerable Product Search on Vulmon Subscribe to Product

digium asterisk digiumphones 10.11.0

digium asterisk digiumphones 10.12.0

digium asterisk 10.12.0

digium asterisk digiumphones 10.0.0

digium asterisk digiumphones 10.12.1

digium asterisk digiumphones 10.12.2

digium asterisk 10.11.0

digium certified asterisk 11.2.0

digium certified asterisk 1.8.15

digium asterisk 11.2.0

digium asterisk 11.3.0

digium asterisk 11.5.0

digium asterisk 11.0.2

digium asterisk 11.1.0

digium asterisk 1.8.23.0

digium asterisk 1.8.22.0

digium asterisk 1.8.19.0

digium asterisk 10.12.2

digium asterisk 10.12.1

digium asterisk 10.10.0

digium asterisk 11.4.0

digium asterisk 11.5.1

digium asterisk 11.0.0

digium asterisk 11.1.1

digium asterisk 11.1.2

digium asterisk 1.8.20.0

digium asterisk 1.8.21.0

digium asterisk 1.8.17.0

digium asterisk 1.8.18.0

digium asterisk 1.8.19.1

digium asterisk 11.0.1

digium asterisk 1.8.18.1

Vendor Advisories

Debian CVElist Bug Report Logs: asterisk: CVE-2013-5641 CVE-2013-5642
Debian Bug report logs - #721220 asterisk: CVE-2013-5641 CVE-2013-5642 Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 29 Aug 2013 08:27: ...
Debian Security Advisories: DSA-2749-1 asterisk -- several vulnerabilities
Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in the SIP processing code of Asterisk - an open source PBX and telephony toolkit -, which could result in denial of service For the oldstable distribution (squeeze), these problems have been fixed in version 1:1629-2+squeeze11 For the stable distribution (wheezy), these proble ...

References

CWE-20http://downloads.asterisk.org/pub/security/AST-2013-005.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:223http://www.securitytracker.com/id/1028957http://osvdb.org/96690http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.htmlhttp://www.securityfocus.com/bid/62022https://issues.asterisk.org/jira/browse/ASTERISK-22007http://secunia.com/advisories/54534http://www.debian.org/security/2013/dsa-2749http://secunia.com/advisories/54617https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721220https://www.debian.org/security/./dsa-2749https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook