693 matches found
CVE-2017-9359
Removed by vendor...
Asterisk Denial of Service Vulnerability (CNVD-2017-09858)
Asterisk is an open source software PBX that supports a variety of VoIP protocols and devices. Denial of service vulnerabilities in Asterisk chan_pjsip and PJSIP allow attackers to submit a special request to crash the application or launch a denial of service...
Asterisk Multiple DoS Vulnerabilities (May 2017)
Asterisk is prone to multiple denial of service (DoS) vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Asterisk 14.4.0 PJSIP 2.6 Heap Overflow
Heap overflow in CSEQ header parsing affects Asterisk chan_pjsip and PJSIP - Authors: - Alfred Farrugia - Sandro Gauci - Vulnerable version: Asterisk 14.4.0 running chan_pjsip, PJSIP 2.6 - References: AST-2017-002 - Enable Security Advisory: - Vendor Advisory: - Timeline: - Report date: 2017-04-12 ...
Asterisk 14.4.0 PJSIP 2.6 Denial Of Service
Out of bound memory access in PJSIP multipart parser crashes Asterisk - Authors: - Alfred Farrugia - Sandro Gauci - Vulnerable version: Asterisk 14.4.0 running chan_pjsip, PJSIP 2.6 - References: AST-2017-003 - Enable Security Advisory: - Vendor Advisory: - Timeline: - Report date: 2017-04-13 -...
FreeBSD : asterisk -- Buffer Overrun in PJSIP transaction layer (0537afa3-3ce0-11e7-bf9d-001999f8d30b)
The Asterisk project reports: A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By...
asterisk -- Buffer Overrun in PJSIP transaction layer
The Asterisk project reports: A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By...
Digium Asterisk PJSIP Stack ACK Denial of Service
A denial of service vulnerability exists in Digium Asterisk when the PJSIP stack is used. The vulnerability is due to improper processing of ACKs from an unrecognized endpoint, that causes a NULL pointer dereference. A remote unauthenticated attacker can exploit this vulnerability by sending an A...
Asterisk 13.10.x < 13.11.1 ACK Handling Unrecognized Username NULL Pointer Dereference DoS (AST-2016-006)
According to its SIP banner, the version of Asterisk running on the remote host is 13.10.x prior to 13.11.1. It is, therefore, affected by a NULL pointer dereference flaw due to improper handling of ACK packets from an unknown username. An unauthenticated, remote attacker can exploit this to cras...
Asterisk Remote Crash Vulnerability (AST-2016-006)
Asterisk is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk"; if...
FreeBSD : asterisk -- Crash on ACK from unknown endpoint (7fda7920-7603-11e6-b362-001999f8d30b)
The Asterisk project reports: Asterisk can be crashed remotely by sending an ACK to it from an endpoint username that Asterisk does not recognize. Most SIP request types result in an 'artificial' endpoint being looked up, but ACKs bypass this lookup. The resulting NULL pointer results in a crash...
Digium Asterisk PJSIP Channel Driver REGISTER Denial of Service
A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to errors when processing incoming REGISTER requests with a lengthy Contact header URI. A remote authenticated attacker can exploit this vulnerability to cause a denial of service condition...
FreeBSD : PJSIP -- TCP denial of service in PJProject (e21474c6-031a-11e6-aa86-001999f8d30b)
The Asterisk project reports: PJProject has a limit on the number of TCP connections that it can accept. Furthermore, PJProject does not close TCP connections it accepts. By default, this value is approximately 60. An attacker can deplete the number of allowed TCP connections by opening TCP...
FreeBSD : asterisk -- Long Contact URIs in REGISTER requests can crash Asterisk (ee50726e-0319-11e6-aa86-001999f8d30b)
The Asterisk project reports: Asterisk may crash when processing an incoming REGISTER request if that REGISTER contains a Contact header with a lengthy URI. This crash will only happen for requests that pass authentication. Unauthenticated REGISTER requests will not result in a crash occurring...
asterisk -- Long Contact URIs in REGISTER requests can crash Asterisk
The Asterisk project reports: Asterisk may crash when processing an incoming REGISTER request if that REGISTER contains a Contact header with a lengthy URI. This crash will only happen for requests that pass authentication. Unauthenticated REGISTER requests will not result in a crash occurring...
Code injection
Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs...
CVE-2015-1558
Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs...
DEBIAN-CVE-2015-1558
Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs...
CVE-2015-1558
Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs...
CVE-2015-1558
CVE-2015-1558 affects Asterisk Open Source 12.x (before 12.8.1) and 13.x (before 13.1.1) when using the PJSIP channel driver. The vulnerability is due to improper reclamation of RTP ports, enabling remote authenticated users to cause a denial of service via an SDP offer that lists only incompatib...