
CVE-2013-5642

Published: 09/09/2013 Updated: 12/09/2013
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x prior to 1.8.23.1, 10.x prior to 10.12.3, and 11.x prior to 11.5.1; Certified Asterisk 1.8.15 prior to 1.8.15-cert3 and 11.2 prior to 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones prior to 10.12.3-digiumphones allows remote malicious users to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.

Vulnerable Product

digium asterisk digiumphones 10.11.0

digium asterisk digiumphones 10.12.0

digium asterisk 10.12.0

digium asterisk digiumphones 10.0.0

digium asterisk digiumphones 10.12.1

digium asterisk digiumphones 10.12.2

digium asterisk 10.11.0

digium certified asterisk 11.2.0

digium certified asterisk 1.8.15

digium asterisk 11.2.0

digium asterisk 11.3.0

digium asterisk 11.5.0

digium asterisk 11.0.2

digium asterisk 11.1.0

digium asterisk 1.8.23.0

digium asterisk 1.8.22.0

digium asterisk 1.8.19.0

digium asterisk 10.12.2

digium asterisk 10.12.1

digium asterisk 10.10.0

digium asterisk 11.4.0

digium asterisk 11.5.1

digium asterisk 11.0.0

digium asterisk 11.1.1

digium asterisk 11.1.2

digium asterisk 1.8.20.0

digium asterisk 1.8.21.0

digium asterisk 1.8.17.0

digium asterisk 1.8.18.0

digium asterisk 1.8.19.1

digium asterisk 11.0.1

digium asterisk 1.8.18.1

Vendor Advisories

Debian Bug report logs - #721220 asterisk: CVE-2013-5641 CVE-2013-5642. Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Source for asterisk is src:asterisk. Reported by: Moritz Muehlenhoff <jmm@inutil.org>. Date: Thu, 29 Aug 2013 08:27: ...
Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in the SIP processing code of Asterisk - an open source PBX and telephony toolkit -, which could result in denial of service. For the oldstable distribution (squeeze), these problems have been fixed in version 1:1.6.2.9-2+squeeze11. For the stable distribution (wheezy), these proble ...