2 matches found
Digium Asterisk res_pjsip_pubsub Module SIP SUBSCRIBE Type Confusion Denial of Service (CVE-2014-6609)
A denial of service vulnerability exists in Asterisk Open Source. The vulnerability is due to the way SIP SUBSCRIBE requests with unexpected mixes of headers for a given event package are handled. Remote, unauthenticated attackers could exploit this vulnerability by sending malformed SIP SUBSCRIB...
CVE-2014-6609
The CVE-2014-6609 issue affects Asterisk Open Source 12.x prior to 12.5.1, where the res_pjsip_pubsub module allows remote authenticated users to crash the server by sending crafted SIP SUBSCRIBE requests with mixed headers for a given event package. This results in a denial of service. Root caus...