CVE-2014-6610 — Asterisk vulnerability
Severity
4.0 MEDIUM (NVD)
EPSS
1.5%
top 18.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 26
Latest update: May 17
Description
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application.
CVSS vector
AV:N/AC:L/C:N/I:N/A:P
Exploitability: 8.0 | Impact: 2.9
Affected Packages: 4 packages
Patches
Vulnerability Details (2)
Vendor Advisories (1)
Debian: CVE-2014-6610: asterisk - Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified As... (2014)
Community (1)
Bugzilla: CVE-2014-6610 asterisk: Remote crash when handling out of call message in certain dialplan configurations [AST-2014-010] (2014-09-19)