4 matches found
CVE-2014-4045
The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when subminexpiry is set to zero, allows remote attackers to cause a denial of service assertion failure and crash via an unsubscribe request when not subscribed to the device...
CVE-2014-4045
The CVE-2014-4045 issue affects Asterisk Open Source 12.x prior to 12.3.1, in the PJSIP channel driver's Publish/Subscribe framework. When sub_min_expiry is zero, an unsubscribe request from a not-subscribed endpoint can trigger an assertion and crash (remote DoS). The documented remediation is t...
Asterisk PJSIP Channel Driver Multiple DoS Vulnerabilities (AST-2014-005 / AST-2014-008)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following denial of service vulnerabilities in the PJSIP channel driver : - A flaw exists in the publish / subscribe framework when an attempt to unsubscribe is made when...
AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework
Asterisk Project Security Advisory - AST-2014-005 Product Asterisk Summary Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate Exploits Known No Reported On March 17, 2014 Reported...