CVE-2014-4045
published 2014-06-17CVE-2014-4045: The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote…
PriorityP421medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
2.77%
84.5th percentile
The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_debian4.3LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2014-4045: asterisk - The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Sou...
vendor_debian·2014·CVSS 4.3
CVE-2014-4045 [MEDIUM] CVE-2014-4045: asterisk - The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Sou...
The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.
Scope: local
bullseye: resolved
sid: resolved
GHSA
GHSA-p9mr-2cw8-4xhj: The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12
ghsa_unreviewed·2022-05-14
CVE-2014-4045 [MEDIUM] GHSA-p9mr-2cw8-4xhj: The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12
The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://downloads.asterisk.org/pub/security/AST-2014-005.htmlhttp://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.htmlhttp://www.securityfocus.com/archive/1/532414/100/0/threadedhttp://downloads.asterisk.org/pub/security/AST-2014-005.htmlhttp://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.htmlhttp://www.securityfocus.com/archive/1/532414/100/0/threaded
2014-06-17
Published