CVE-2006-5445 — Asterisk vulnerability

4 documents4 sources

Severity

7.8HIGHNVD

EPSS

10.0%

top 6.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digium Asterisk Debian Asterisk

Timeline

PublishedOct 23

Latest updateMay 1

Description

Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/asterisk< asterisk 1:1.2.13~dfsg-1 (bullseye)

▶Debiandigium/asterisk< 1:1.2.13~dfsg-1

▶NVDdigium/asterisk13 versions+12

Patches

Patch: ftp.digium.com ↗Patch: www.asterisk.org ↗Patch: www.asterisk.org ↗

🔴Vulnerability Details

GHSA

GHSA-q76q-55q2-fj65: Unspecified vulnerability in the SIP channel driver (channels/chan_sip↗2022-05-01

▶

OSV

CVE-2006-5445: Unspecified vulnerability in the SIP channel driver (channels/chan_sip↗2006-10-23

▶

📋Vendor Advisories

Debian

CVE-2006-5445: asterisk - Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Ast...↗2006

▶