5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.373 Low
EPSS
Percentile
97.1%
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x
before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified
Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and
Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows
remote attackers to cause a denial of service (NULL pointer dereference,
segmentation fault, and daemon crash) via an invalid SDP that defines a
media description before the connection description in a SIP request.