CVE-2011-4063: Improper Input Validation in Asterisk

Severity: 6.8 MEDIUM (NVD)
EPSS: 6.4% (top 8.91%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 21; Latest update May 14

Description

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:C (Exploitability: 8.0 | Impact: 6.9)

Affected Packages (2 packages)

NVD: asterisk/open_source 1.8.7, 10.0.0 (+1)
Debian: debian/asterisk < asterisk 1:1.8.7.1~dfsg-1 (bullseye)

🔴 Vulnerability Details (2)

GHSA: GHSA-wxfw-gh9x-v224: chan_sip (2022-05-14)
OSV: CVE-2011-4063: chan_sip (2011-10-21)

📋 Vendor Advisories (1)

Debian: CVE-2011-4063: asterisk - chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.... (2011)

💬 Community (4)

Bugzilla: CVE-2011-4063 asterisk: remote crash in SIP channel driver (AST-2011-012) [fedora-15] (2011-10-17)
Bugzilla: CVE-2011-4063 asterisk: remote crash in SIP channel driver (AST-2011-012) (2011-10-17)
Bugzilla: CVE-2011-4063 asterisk: remote crash in SIP channel driver (AST-2011-012) [fedora-16] (2011-10-17)
Bugzilla: CVE-2011-4063 asterisk: remote crash in SIP channel driver (AST-2011-012) [epel-6] (2011-10-17)