CVE-2014-2288

2014-04-1822:14:38

Debian Security Bug Tracker

security-tracker.debian.org

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.018 Low

EPSS

Percentile

88.2%

JSON

The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency “is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request,” allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.

OSVersionArchitecturePackageVersionFilename
Debian11allasterisk< 1:16.28.0~dfsg-0+deb11u4asterisk_1:16.28.0~dfsg-0+deb11u4_all.deb
Debian999allasterisk< 1:20.8.1~dfsg+~cs6.14.40431414-1asterisk_1:20.8.1~dfsg+~cs6.14.40431414-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	asterisk	< 1:16.28.0~dfsg-0+deb11u4	asterisk_1:16.28.0~dfsg-0+deb11u4_all.deb
Debian	999	all	asterisk	< 1:20.8.1~dfsg+~cs6.14.40431414-1	asterisk_1:20.8.1~dfsg+~cs6.14.40431414-1_all.deb