CVE-2014-4048 — Asterisk vulnerability

3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

1.6%

top 18.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digium Asterisk Debian Asterisk

Timeline

PublishedJun 17

Latest updateMay 14

Description

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDdigium/asterisk12.3.0+5

▶debiandebian/asterisk

Patches

Patch: downloads.asterisk.org ↗Patch: downloads.asterisk.org ↗

🔴Vulnerability Details

GHSA

GHSA-5rvj-6jpg-mr39: The PJSIP Channel Driver in Asterisk Open Source before 12↗2022-05-14

▶

📋Vendor Advisories

Debian

CVE-2014-4048: asterisk - The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote att...↗2014

▶