CVE-2014-6609 — Improper Input Validation in Asterisk

CWE-20 — Improper Input Validation4 documents4 sources

Severity

4.0MEDIUMNVD

OSV5.0

EPSS

0.8%

top 25.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Digium Asterisk Debian Asterisk

Timeline

PublishedNov 26

Latest updateMay 17

Description

The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

▶NVDdigium/asterisk6 versions+5

▶debiandebian/asterisk

▶Ubuntuphpmyadmin/phpmyadmin< 4:4.0.10-1ubuntu0.1+esm4+3

Patches

Patch: downloads.asterisk.org ↗Patch: downloads.asterisk.org ↗

🔴Vulnerability Details

GHSA

GHSA-8qx4-jg42-x9gv: The res_pjsip_pubsub module in Asterisk Open Source 12↗2022-05-17

▶

OSV

phpmyadmin vulnerabilities↗2021-03-16

▶

📋Vendor Advisories

Debian

CVE-2014-6609: asterisk - The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows re...↗2014

▶