CVE-2011-4063
Published 2011-10-21
CVE-2011-4063: chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during…
Priority: P424 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
EPSS: 2.38% (81.8th percentile)
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asterisk | open_source | — | — |
| asterisk | open_source | — | — |
| debian | asterisk | < asterisk 1:1.8.7.1~dfsg-1 (bullseye) | asterisk 1:1.8.7.1~dfsg-1 (bullseye) |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:C |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | MEDIUM | — |
GHSA
GHSA-wxfw-gh9x-v224: chan_sip
ghsa_unreviewed · 2022-05-14 · CVE-2011-4063 [MEDIUM] · CWE-20
OSV
CVE-2011-4063: chan_sip
osv · 2011-10-21 · CVSS 6.8 · CVE-2011-4063 [MEDIUM]
Debian
CVE-2011-4063: asterisk - chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7....
vendor_debian · 2011 · CVSS 6.8 · CVE-2011-4063 [MEDIUM]
Scope: local
bullseye: resolved (fixed in 1:1.8.7.1~dfsg-1)
sid: resolved (fixed in 1:1.8.7.1~dfsg-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-4063 asterisk: remote crash in SIP channel driver (AST-2011-012) [fedora-15]
bugzilla · 2011-10-17 · CVSS 6.8 · CVE-2011-4063 [MEDIUM]
fedora-15 tracking bug for asterisk: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
asterisk-1.8.7.1-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/asterisk-1.8.7.1-1.fc15
---
asterisk-1.8.7.1-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/asterisk-1.8.7.1-1.el6
---
asterisk-1.8.7.1-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/asterisk-1.8.7.1-1.fc16
---
Package asterisk-1.8.7.1-
Bugzilla
CVE-2011-4063 asterisk: remote crash in SIP channel driver (AST-2011-012)
bugzilla · 2011-10-17 · CVSS 6.8 · CVE-2011-4063 [MEDIUM]
It was found that a remote authenticated user could cause Asterisk to crash with a malformed request due to an uninitialized variable [1]. This flaw affects all versions of Asterisk 1.8.x and 10.x. This has been corrected upstream in versions 1.8.7.1 and 10.0.0-rc1.
[1] http://downloads.asterisk.org/pub/security/AST-2011-012.html
Discussion:
Created asterisk tracking bugs for this issue
Affects: fedora-15 [bug 746818]
Affects: fedora-16 [bug 746819]
Affects: epel-6 [bug 746820]
---
asterisk-1.8.7.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
---
asterisk-1.8.7.1-1.fc15 has been pushed to the Fedora 15 stable repository. I
Bugzilla
CVE-2011-4063 asterisk: remote crash in SIP channel driver (AST-2011-012) [fedora-16]
bugzilla · 2011-10-17 · CVSS 6.8 · CVE-2011-4063 [MEDIUM]
fedora-16 tracking bug for asterisk: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
asterisk-1.8.7.1-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/asterisk-1.8.7.1-1.fc15
---
asterisk-1.8.7.1-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/asterisk-1.8.7.1-1.el6
---
asterisk-1.8.7.1-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/asterisk-1.8.7.1-1.fc16
---
Package asterisk-1.8.7.1-
Bugzilla
CVE-2011-4063 asterisk: remote crash in SIP channel driver (AST-2011-012) [epel-6]
bugzilla · 2011-10-17 · CVSS 6.8 · CVE-2011-4063 [MEDIUM]
epel-6 tracking bug for asterisk: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
asterisk-1.8.7.1-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/asterisk-1.8.7.1-1.fc15
---
asterisk-1.8.7.1-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/asterisk-1.8.7.1-1.el6
---
asterisk-1.8.7.1-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/asterisk-1.8.7.1-1.fc16
---
Package asterisk-1.8.7.1-1.fc16
References
http://downloads.digium.com/pub/security/AST-2011-012.html
http://secunia.com/advisories/46420
http://securityreason.com/securityalert/8478
http://www.securityfocus.com/archive/1/520141/100/0/threaded
http://www.securityfocus.com/bid/50177
http://www.securitytracker.com/id?1026191
https://exchange.xforce.ibmcloud.com/vulnerabilities/70706