CVE-2013-5641 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Asterisk
Severity: 5.0 MEDIUM (NVD)
EPSS: 4.1% (top 11.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 9
Latest update: May 17
Description
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information.
CVSS vector
AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9
Affected Packages: 4 packages
Patches
Vulnerability Details: 2
Vendor Advisories: 1
Debian: CVE-2013-5641: asterisk - The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x th... (2013)
Community: 1
Bugzilla: CVE-2013-5641 CVE-2013-5642 asterisk: two denial of service flaws in the SIP channel driver (AST-2013-004, AST-2013-005) (2013-08-28)