Published: 24/11/2014 Updated: 16/07/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x prior to 12.7.1 and 13.x prior to 13.0.1, when using the res_pjsip_refer module, allows remote malicious users to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up.

Vulnerable Product	Search on Vulmon	Subscribe to Product
digium asterisk

Debian Bug report logs - #771463 CVE-2014-8418 CVE-2014-8412 CVE-2014-8414 CVE-2014-8417 Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sat, 29 Nov 2014 21:36:01 UTC Severity: grave Tags: sec ...

Debian Bug report logs - #773230 asterisk: CVE-2014-9374 Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 15 Dec 2014 20:30:02 UTC Severity: important Tags: fixed-upstream, security, ...

CWE-20 http://downloads.asterisk.org/pub/security/AST-2014-016.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-8416

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect