CVE-2014-6610
Published 2014-11-26
CVE-2014-6610: Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows…
Priority: P4 · 16 · medium · 4 · CVSS 2.0
AV:N/AC:L/Au:S/C:N/I:N/A:P
EPSS: 1.52% (71.4th percentile)
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:11.12.1~dfsg-1 (bullseye) | asterisk 1:11.12.1~dfsg-1 (bullseye) |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | >= 0 < 1:11.12.1~dfsg-1 | 1:11.12.1~dfsg-1 |
| digium | certified_asterisk | — | — |
| digium | certified_asterisk | — | — |
CVSS provenance
nvd · v2.0 · 4.0 · MEDIUM · AV:N/AC:L/Au:S/C:N/I:N/A:P
osv · 4.0 · MEDIUM
vendor_debian · 4.0 · MEDIUM
GHSA
GHSA-f9gh-gm49-v657: Asterisk Open Source 11
ghsa_unreviewed·2022-05-17
CVE-2014-6610 [MEDIUM] GHSA-f9gh-gm49-v657: Asterisk Open Source 11
OSV
CVE-2014-6610: Asterisk Open Source 11
osv·2014-11-26·CVSS 4.0
CVE-2014-6610 [MEDIUM] CVE-2014-6610: Asterisk Open Source 11
Debian
CVE-2014-6610: asterisk - Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified As...
vendor_debian·2014·CVSS 4.0
CVE-2014-6610 [MEDIUM] CVE-2014-6610: asterisk - Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified As...
Scope: local
bullseye: resolved (fixed in 1:11.12.1~dfsg-1)
sid: resolved (fixed in 1:11.12.1~dfsg-1)
No detection rules found.
No public exploits indexed.
Published: 2014-11-26