Null pointer dereference
res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service crash via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference...
Cross site request forgery (csrf)
The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service crash via a PJSIP endpoint that does not...
CVE-2014-2288
The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service crash via a PJSIP endpoint that does not...
CVE-2014-2289
res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service crash via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference...
CVE-2014-2288
The CVE-2014-2288 entry concerns the PJSIP channel driver in Asterisk Open Source 12.x prior to 12.1.1. When qualify_frequency is enabled on an AOR and the remote SIP server challenges authentication for the resulting OPTIONS, remote attackers can crash a PJSIP endpoint that has no associated out...
Asterisk PJSIP Channel Driver Subscription DoS (AST-2014-004)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. A flaw exists in the PJSIP channel driver when handling 'SUBSCRIBE' requests. When Asterisk receives a 'SUBSCRIBE' request for a presence...
Asterisk PJSIP Channel Driver Options DoS (AST-2014-003)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. A flaw exists in the PJSIP channel driver when the 'qualify_frequency' configuration is enabled on an AOR when the SIP server's challenges fo...
AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling
Asterisk Project Security Advisory - AST-2014-004 Product Asterisk Summary Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling Nature of Advisory Denial of Service Susceptibility Remote Authenticated Sessions Severity Moderate Exploits Known No Reported On January 14th, 2014...
AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver
Asterisk Project Security Advisory - AST-2014-003 Product Asterisk Summary Remote Crash Vulnerability in PJSIP channel driver Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate Exploits Known No Reported On January 29, 2014 Reported By Joshua Col...
FreeBSD : asterisk -- multiple vulnerabilities (03159886-a8a3-11e3-8f36-0025905a4771)
The Asterisk project reports : Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request. Denial of...
asterisk -- multiple vulnerabilities
The Asterisk project reports: Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request. Denial of...