CVE-2013-5641
Published: 2013-09-09
Priority: P4 · 26 · medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
EPSS: 4.11% (89.5th percentile)
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:11.5.1~dfsg-1 (bullseye) | asterisk 1:11.5.1~dfsg-1 (bullseye) |
| digium | asterisk | — | — |
| digium | asterisk | >= 0 < 1:11.5.1~dfsg-1 | 1:11.5.1~dfsg-1 |
| digium | certified_asterisk | — | — |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 5.0 MEDIUM
vendor_debian · 5.0 MEDIUM
GHSA
GHSA-vx3m-32pc-pfvq: The SIP channel driver (channels/chan_sip
ghsa_unreviewed·2022-05-17
CVE-2013-5641 [MEDIUM] CWE-119
OSV
CVE-2013-5641: The SIP channel driver (channels/chan_sip
osv·2013-09-09·CVSS 5.0
CVE-2013-5641 [MEDIUM]
Debian
CVE-2013-5641: asterisk - The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x th...
vendor_debian·2013·CVSS 5.0
CVE-2013-5641 [MEDIUM]
Scope: local
bullseye: resolved (fixed in 1:11.5.1~dfsg-1)
sid: resolved (fixed in 1:11.5.1~dfsg-1)
No detection rules found.
No public exploits indexed.
References
http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html
http://downloads.asterisk.org/pub/security/AST-2013-004.html
http://osvdb.org/96691
http://seclists.org/bugtraq/2013/Aug/185
http://secunia.com/advisories/54534
http://secunia.com/advisories/54617
http://www.debian.org/security/2013/dsa-2749
http://www.mandriva.com/security/advisories?name=MDVSA-2013:223
http://www.securityfocus.com/bid/62021
http://www.securitytracker.com/id/1028956
https://issues.asterisk.org/jira/browse/ASTERISK-21064
Published: 2013-09-09