CVE-2014-2287

Published: 18/04/2014 Updated: 21/04/2014
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Vulnerability Summary

channels/chan_sip.c in Asterisk Open Source 1.8.x prior to 1.8.26.1, 11.8.x prior to 11.8.1, and 12.1.x prior to 12.1.1, and Certified Asterisk 1.8.15 prior to 1.8.15-cert5 and 11.6 prior to 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.

Vulnerable Product

digium certified asterisk 11.6.0

digium certified asterisk 1.8.15

digium certified asterisk 1.8.12.0

digium certified asterisk 1.8.10.0

digium certified asterisk 1.8.8.0

digium certified asterisk 1.8.6.0

digium certified asterisk 1.8.4.0

digium certified asterisk 1.8.3.0

digium certified asterisk 1.8.1.0

digium certified asterisk 1.8.0.0

digium certified asterisk 11.6

digium certified asterisk 1.8.14.0

digium certified asterisk 1.8.13.0

digium certified asterisk 1.8.9.0

digium certified asterisk 1.8.5.0

digium certified asterisk 1.8.11.0

digium certified asterisk 1.8.7.0

digium certified asterisk 1.8.2.0

digium asterisk 12.1.0

digium asterisk 1.8.25.0

digium asterisk 1.8.24.1

digium asterisk 1.8.23.0

digium asterisk 1.8.22.0

digium asterisk 1.8.20.2

digium asterisk 1.8.20.1

digium asterisk 1.8.18.0

digium asterisk 1.8.17.0

digium asterisk 1.8.12.2

digium asterisk 1.8.12.0

digium asterisk 1.8.26.0

digium asterisk 1.8.21.0

digium asterisk 1.8.15.0

digium asterisk 1.8.14.1

digium asterisk 1.8.14.0

digium asterisk 1.8.0

digium asterisk 1.8.10.0

digium asterisk 1.8.10.1

digium asterisk 1.8.11.0

digium asterisk 1.8.15.1

digium asterisk 1.8.19.0

digium asterisk 1.8.19.1

digium asterisk 1.8.2

digium asterisk 1.8.2.1

digium asterisk 1.8.4

digium asterisk 1.8.4.1

digium asterisk 1.8.4.2

digium asterisk 1.8.8.0

fedoraproject fedora 19

digium asterisk 11.8.0

digium asterisk 1.8.24.0

digium asterisk 1.8.23.1

digium asterisk 1.8.20.0

digium asterisk 1.8.11.1

digium asterisk 1.8.1

digium asterisk 1.8.1.1

digium asterisk 1.8.1.2

digium asterisk 1.8.13.0

digium asterisk 1.8.3

digium asterisk 1.8.3.1

digium asterisk 1.8.5.0

digium asterisk 1.8.6.0

digium asterisk 1.8.9.0

digium asterisk 1.8.16.0

digium asterisk 1.8.12.1

digium asterisk 1.8.12

digium asterisk 1.8.2.3

digium asterisk 1.8.3.3

digium asterisk 1.8.4.3

digium asterisk 1.8.5

digium asterisk 1.8.7.0

digium asterisk 1.8.8.2

digium asterisk 1.8.9.1

digium asterisk 1.8.9.3

digium asterisk 1.8.13.1

digium asterisk 1.8.18.1

digium asterisk 1.8.2.2

digium asterisk 1.8.2.4

digium asterisk 1.8.3.2

digium asterisk 1.8.4.4

digium asterisk 1.8.7.1

digium asterisk 1.8.8.1

digium asterisk 1.8.9.2

fedoraproject fedora 20

Vendor Advisories

Debian Bug report logs - #741313: asterisk: CVE-2014-2286 CVE-2014-2287
Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Source for asterisk is src:asterisk
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 11 Mar 2014 05:54: ...