CVE-2014-2289
Published 2014-04-18
Priority P4 · 14 · low · 3.5 (CVSS 2.0)
AV:N/AC:M/Au:S/C:N/I:N/A:P
EPSS: 2.16% (79.9th percentile)
res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
CVSS provenance
nvd · v2.0 · 3.5 · LOW · AV:N/AC:M/Au:S/C:N/I:N/A:P
vendor_debian · 3.5 · LOW
Debian
CVE-2014-2289: asterisk - res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source ...
vendor_debian·2014·CVSS 3.5
CVE-2014-2289 [LOW] CVE-2014-2289: asterisk - res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source ...
Scope: local
bullseye: resolved
sid: resolved
GHSA
GHSA-h685-6qvr-7qxj: res/res_pjsip_exten_state
ghsa_unreviewed·2022-05-17
CVE-2014-2289 [LOW] CWE-20 GHSA-h685-6qvr-7qxj: res/res_pjsip_exten_state
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff
http://downloads.asterisk.org/pub/security/AST-2014-004.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html
https://issues.asterisk.org/jira/browse/ASTERISK-23139
Published: 2014-04-18