CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
EPSS
Percentile
80.4%
Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 11 | all | asterisk | < 1:13.1.0~dfsg-1.1 | asterisk_1:13.1.0~dfsg-1.1_all.deb |
Debian | 999 | all | asterisk | < 1:13.1.0~dfsg-1.1 | asterisk_1:13.1.0~dfsg-1.1_all.deb |