Showing 1 - 3 of 3

CVE-2013-5642

Status Candidate

Overview

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.

Related Files

Gentoo Linux Security Advisory 201401-15: Posted Jan 21, 2014; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201401-15 - Multiple vulnerabilities have been found in Asterisk, the worst of which may allow execution of arbitrary code. Versions less than 11.7.0 are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2012-5976, CVE-2012-5977, CVE-2013-2264, CVE-2013-2685, CVE-2013-2686, CVE-2013-5641, CVE-2013-5642, CVE-2013-7100; SHA-256 | d5b3fc8ed465d4421b3d81a545983bd6659d93187fad9065936730f85fd097e5; Download | Favorite | View

Debian Security Advisory 2749-1: Posted Sep 2, 2013; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2749-1 - Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in the SIP processing code of Asterisk - an open source PBX and telephony toolkit -, which could result in denial of service.; tags | advisory, denial of service, vulnerability; systems | linux, debian; advisories | CVE-2013-5641, CVE-2013-5642; SHA-256 | 64f259e26777b4eda664b410ea07d6756308f234bf56cbd36c690cf8ae3a017c; Download | Favorite | View

Mandriva Linux Security Advisory 2013-223: Posted Aug 30, 2013; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2013-223 - A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present. A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set.; tags | advisory; systems | linux, mandriva; advisories | CVE-2013-5641, CVE-2013-5642; SHA-256 | fe608e9d309776c3c74a970f61a6a3304dc0d8dc4cc95d54316d0c533e08f277; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 285 files
Ubuntu 66 files
Debian 23 files
LiquidWorm 10 files
Valentin Lobstein 10 files
nu11secur1ty 7 files
Google Security Research 4 files
Milad Karimi 4 files
Jann Horn 3 files
Lennert Preuth 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,025)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,485)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,706)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,480)
UNIX (9,394)
UnixWare (187)
Windows (6,653)
Other

CVE-2013-5642

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems