2018-02-22 01:29:01 2019-10-03 02:03:26

An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.

Vector

NETWORK

Complexity

LOW

Authentication

SINGLE_INSTANCE

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL
Digium Asterisk 14.7.3 (not an official CPE) Digium Asterisk 14.7.2 (not an official CPE) Digium Asterisk 14.7.1 (not an official CPE) Digium Asterisk 14.7.0 (not an official CPE) Digium Asterisk 14.6.2 (not an official CPE) Digium Asterisk 14.6.1 (not an official CPE) Digium Asterisk 14.6.0 Rc1 (not an official CPE) Digium Asterisk 14.6.0 (not an official CPE) Digium Asterisk 14.5.0 Rc1 (not an official CPE) Digium Asterisk 14.5.0 Rc2 (not an official CPE) Digium Asterisk 14.4.1 (not an official CPE) Digium Asterisk 14.5.0 (not an official CPE) Digium Asterisk 14.4.0 Rc3 (not an official CPE) Digium Asterisk 14.4.0 Rc2 (not an official CPE) Digium Asterisk 14.4.0 Rc1 (not an official CPE) Digium Asterisk 14.4.0 (not an official CPE) Digium Asterisk 14.3.1 (not an official CPE) Digium Asterisk 14.3.0 Rc2 (not an official CPE) Digium Asterisk 14.3.0 Rc1 (not an official CPE) Digium Asterisk 14.3.0 (not an official CPE) Digium Asterisk 14.2.1 (not an official CPE) Digium Asterisk 14.2.0 (not an official CPE) Digium Asterisk 14.02 (not an official CPE) Digium Asterisk 14.1.2 (not an official CPE) Digium Asterisk 14.1.1 (not an official CPE) Digium Asterisk 14.1.0 (not an official CPE) Digium Asterisk 14.1 (not an official CPE) Digium Asterisk 14.0.2 (not an official CPE) Digium Asterisk 14.0.1 (not an official CPE) Digium Asterisk 14.0.0 Rc2 (not an official CPE) Digium Asterisk 14.0.0 Rc1 (not an official CPE) Digium Asterisk 14.0.0 Beta2 (not an official CPE) Digium Asterisk 14.0.0 Beta1 (not an official CPE) Digium Asterisk 14.0.0 (not an official CPE) Digium Asterisk 13.19.1 (not an official CPE) Digium Asterisk 14.7.4 (not an official CPE) Digium Asterisk 14.7.5 (not an official CPE) Digium Asterisk 15.0.0 (not an official CPE) Digium Asterisk 15.0.0 - (not an official CPE) Digium Asterisk 15.0.0 Beta1 (not an official CPE) Digium Asterisk 15.0.0 Rc1 (not an official CPE) Digium Asterisk 15.1.0 (not an official CPE) Digium Asterisk 15.1.1 (not an official CPE) Digium Asterisk 15.1.2 (not an official CPE) Digium Asterisk 15.1.3 (not an official CPE) Digium Asterisk 15.1.4 (not an official CPE) Digium Asterisk 15.1.5 (not an official CPE) Digium Asterisk 15.2.0 (not an official CPE) Digium Asterisk 15.2.0 Rc1 (not an official CPE) Digium Asterisk 15.2.0 Rc2 (not an official CPE) Digium Asterisk 15.2.1 (not an official CPE) Digium Certified asterisk 13.18 (not an official CPE)