CVE-2014-2287CVE-2014-2287

Affected configuration(s):

cpe:/a:digium:asterisk:1.8.0
cpe:/a:digium:asterisk:1.8.0:beta1
cpe:/a:digium:asterisk:1.8.0:beta2
cpe:/a:digium:asterisk:1.8.0:beta3
cpe:/a:digium:asterisk:1.8.0:beta4
cpe:/a:digium:asterisk:1.8.0:beta5
cpe:/a:digium:asterisk:1.8.0:rc2
cpe:/a:digium:asterisk:1.8.0:rc3
cpe:/a:digium:asterisk:1.8.0:rc4
cpe:/a:digium:asterisk:1.8.0:rc5
cpe:/a:digium:asterisk:1.8.1
cpe:/a:digium:asterisk:1.8.1:rc1
cpe:/a:digium:asterisk:1.8.1.1
cpe:/a:digium:asterisk:1.8.1.2
cpe:/a:digium:asterisk:1.8.2
cpe:/a:digium:asterisk:1.8.2.1
cpe:/a:digium:asterisk:1.8.2.2
cpe:/a:digium:asterisk:1.8.2.3
cpe:/a:digium:asterisk:1.8.2.4
cpe:/a:digium:asterisk:1.8.3
cpe:/a:digium:asterisk:1.8.3:rc1
cpe:/a:digium:asterisk:1.8.3:rc2
cpe:/a:digium:asterisk:1.8.3:rc3
cpe:/a:digium:asterisk:1.8.3.1
cpe:/a:digium:asterisk:1.8.3.2
cpe:/a:digium:asterisk:1.8.3.3
cpe:/a:digium:asterisk:1.8.4
cpe:/a:digium:asterisk:1.8.4:rc1
cpe:/a:digium:asterisk:1.8.4:rc2
cpe:/a:digium:asterisk:1.8.4:rc3
cpe:/a:digium:asterisk:1.8.4.1
cpe:/a:digium:asterisk:1.8.4.2
cpe:/a:digium:asterisk:1.8.4.3
cpe:/a:digium:asterisk:1.8.4.4
cpe:/a:digium:asterisk:1.8.5
cpe:/a:digium:asterisk:1.8.5:rc1
cpe:/a:digium:asterisk:1.8.5.0
cpe:/a:digium:asterisk:1.8.6.0
cpe:/a:digium:asterisk:1.8.6.0:rc1
cpe:/a:digium:asterisk:1.8.6.0:rc2
cpe:/a:digium:asterisk:1.8.6.0:rc3
cpe:/a:digium:asterisk:1.8.7.0
cpe:/a:digium:asterisk:1.8.7.0:rc1
cpe:/a:digium:asterisk:1.8.7.0:rc2
cpe:/a:digium:asterisk:1.8.7.1
cpe:/a:digium:asterisk:1.8.8.0
cpe:/a:digium:asterisk:1.8.8.0:-
cpe:/a:digium:asterisk:1.8.8.0:patch
cpe:/a:digium:asterisk:1.8.8.0:rc1
cpe:/a:digium:asterisk:1.8.8.0:rc2
cpe:/a:digium:asterisk:1.8.8.0:rc3
cpe:/a:digium:asterisk:1.8.8.0:rc4
cpe:/a:digium:asterisk:1.8.8.0:rc5
cpe:/a:digium:asterisk:1.8.8.1
cpe:/a:digium:asterisk:1.8.8.2
cpe:/a:digium:asterisk:1.8.9.0
cpe:/a:digium:asterisk:1.8.9.0:-
cpe:/a:digium:asterisk:1.8.9.0:rc1
cpe:/a:digium:asterisk:1.8.9.0:rc2
cpe:/a:digium:asterisk:1.8.9.0:rc3
cpe:/a:digium:asterisk:1.8.9.1
cpe:/a:digium:asterisk:1.8.9.2
cpe:/a:digium:asterisk:1.8.9.3
cpe:/a:digium:asterisk:1.8.10.0
cpe:/a:digium:asterisk:1.8.10.0:-
cpe:/a:digium:asterisk:1.8.10.0:rc1
cpe:/a:digium:asterisk:1.8.10.0:rc2
cpe:/a:digium:asterisk:1.8.10.0:rc3
cpe:/a:digium:asterisk:1.8.10.0:rc4
cpe:/a:digium:asterisk:1.8.10.1
cpe:/a:digium:asterisk:1.8.11.0
cpe:/a:digium:asterisk:1.8.11.0:-
cpe:/a:digium:asterisk:1.8.11.0:patch
cpe:/a:digium:asterisk:1.8.11.0:rc2
cpe:/a:digium:asterisk:1.8.11.0:rc3
cpe:/a:digium:asterisk:1.8.11.1
cpe:/a:digium:asterisk:1.8.11.1:-
cpe:/a:digium:asterisk:1.8.11.1:patch
cpe:/a:digium:asterisk:1.8.12
cpe:/a:digium:asterisk:1.8.12.0
cpe:/a:digium:asterisk:1.8.12.0:-
cpe:/a:digium:asterisk:1.8.12.0:rc1
cpe:/a:digium:asterisk:1.8.12.0:rc2
cpe:/a:digium:asterisk:1.8.12.0:rc3
cpe:/a:digium:asterisk:1.8.12.1
cpe:/a:digium:asterisk:1.8.12.2
cpe:/a:digium:asterisk:1.8.13.0
cpe:/a:digium:asterisk:1.8.13.0:rc1
cpe:/a:digium:asterisk:1.8.13.0:rc2
cpe:/a:digium:asterisk:1.8.13.1
cpe:/a:digium:asterisk:1.8.14.0:-
cpe:/a:digium:asterisk:1.8.14.0:patch
cpe:/a:digium:asterisk:1.8.14.0:rc1
cpe:/a:digium:asterisk:1.8.14.0:rc2
cpe:/a:digium:asterisk:1.8.14.1
cpe:/a:digium:asterisk:1.8.14.1:-
cpe:/a:digium:asterisk:1.8.14.1:patch
cpe:/a:digium:asterisk:1.8.15.0
cpe:/a:digium:asterisk:1.8.15.0:-
cpe:/a:digium:asterisk:1.8.15.0:rc1
cpe:/a:digium:asterisk:1.8.15.1
cpe:/a:digium:asterisk:1.8.16.0
cpe:/a:digium:asterisk:1.8.16.0:-
cpe:/a:digium:asterisk:1.8.16.0:rc1
cpe:/a:digium:asterisk:1.8.16.0:rc2
cpe:/a:digium:asterisk:1.8.17.0
cpe:/a:digium:asterisk:1.8.17.0:-
cpe:/a:digium:asterisk:1.8.17.0:patch
cpe:/a:digium:asterisk:1.8.17.0:rc1
cpe:/a:digium:asterisk:1.8.17.0:rc2
cpe:/a:digium:asterisk:1.8.17.0:rc3
cpe:/a:digium:asterisk:1.8.18.0
cpe:/a:digium:asterisk:1.8.18.0:-
cpe:/a:digium:asterisk:1.8.18.0:rc1
cpe:/a:digium:asterisk:1.8.18.1
cpe:/a:digium:asterisk:1.8.19.0
cpe:/a:digium:asterisk:1.8.19.0:-
cpe:/a:digium:asterisk:1.8.19.0:rc1
cpe:/a:digium:asterisk:1.8.19.0:rc3
cpe:/a:digium:asterisk:1.8.19.1
cpe:/a:digium:asterisk:1.8.20.0:-
cpe:/a:digium:asterisk:1.8.20.0:patch
cpe:/a:digium:asterisk:1.8.20.0:rc1
cpe:/a:digium:asterisk:1.8.20.0:rc2
cpe:/a:digium:asterisk:1.8.20.1:-
cpe:/a:digium:asterisk:1.8.20.1:patch
cpe:/a:digium:asterisk:1.8.20.2:-
cpe:/a:digium:asterisk:1.8.20.2:patch
cpe:/a:digium:asterisk:1.8.21.0:-
cpe:/a:digium:asterisk:1.8.21.0:rc1
cpe:/a:digium:asterisk:1.8.21.0:rc2
cpe:/a:digium:asterisk:1.8.22.0:-
cpe:/a:digium:asterisk:1.8.22.0:rc1
cpe:/a:digium:asterisk:1.8.22.0:rc2
cpe:/a:digium:asterisk:1.8.23.0:-
cpe:/a:digium:asterisk:1.8.23.0:patch
cpe:/a:digium:asterisk:1.8.23.0:rc1
cpe:/a:digium:asterisk:1.8.23.0:rc2
cpe:/a:digium:asterisk:1.8.23.1
cpe:/a:digium:asterisk:1.8.24.0:-
cpe:/a:digium:asterisk:1.8.24.0:rc1
cpe:/a:digium:asterisk:1.8.24.0:rc2
cpe:/a:digium:asterisk:1.8.24.1
cpe:/a:digium:asterisk:1.8.25.0:-
cpe:/a:digium:asterisk:1.8.25.0:rc1
cpe:/a:digium:asterisk:1.8.25.0:rc2
cpe:/a:digium:asterisk:1.8.26.0:-
cpe:/a:digium:asterisk:1.8.26.0:rc1
cpe:/a:digium:asterisk:11.8.0:-
cpe:/a:digium:asterisk:11.8.0:rc1
cpe:/a:digium:asterisk:11.8.0:rc2
cpe:/a:digium:asterisk:11.8.0:rc3
cpe:/a:digium:asterisk:12.1.0:-
cpe:/a:digium:asterisk:12.1.0:rc1
cpe:/a:digium:asterisk:12.1.0:rc2
cpe:/a:digium:asterisk:12.1.0:rc3
cpe:/a:digium:certified_asterisk:1.8.0.0:-
cpe:/a:digium:certified_asterisk:1.8.0.0:beta1
cpe:/a:digium:certified_asterisk:1.8.0.0:beta2
cpe:/a:digium:certified_asterisk:1.8.0.0:beta3
cpe:/a:digium:certified_asterisk:1.8.0.0:beta4
cpe:/a:digium:certified_asterisk:1.8.0.0:beta5
cpe:/a:digium:certified_asterisk:1.8.0.0:rc1
cpe:/a:digium:certified_asterisk:1.8.0.0:rc2
cpe:/a:digium:certified_asterisk:1.8.0.0:rc3
cpe:/a:digium:certified_asterisk:1.8.0.0:rc4
cpe:/a:digium:certified_asterisk:1.8.0.0:rc5
cpe:/a:digium:certified_asterisk:1.8.1.0:-
cpe:/a:digium:certified_asterisk:1.8.1.0:rc1
cpe:/a:digium:certified_asterisk:1.8.2.0:-
cpe:/a:digium:certified_asterisk:1.8.2.0:rc1
cpe:/a:digium:certified_asterisk:1.8.3.0:-
cpe:/a:digium:certified_asterisk:1.8.3.0:rc1
cpe:/a:digium:certified_asterisk:1.8.3.0:rc2
cpe:/a:digium:certified_asterisk:1.8.3.0:rc3
cpe:/a:digium:certified_asterisk:1.8.4.0:-
cpe:/a:digium:certified_asterisk:1.8.4.0:rc1
cpe:/a:digium:certified_asterisk:1.8.4.0:rc2
cpe:/a:digium:certified_asterisk:1.8.4.0:rc3
cpe:/a:digium:certified_asterisk:1.8.5.0:-
cpe:/a:digium:certified_asterisk:1.8.5.0:rc1
cpe:/a:digium:certified_asterisk:1.8.6.0:-
cpe:/a:digium:certified_asterisk:1.8.6.0:rc1
cpe:/a:digium:certified_asterisk:1.8.6.0:rc2
cpe:/a:digium:certified_asterisk:1.8.6.0:rc3
cpe:/a:digium:certified_asterisk:1.8.7.0:-
cpe:/a:digium:certified_asterisk:1.8.7.0:rc1
cpe:/a:digium:certified_asterisk:1.8.7.0:rc2
cpe:/a:digium:certified_asterisk:1.8.8.0:-
cpe:/a:digium:certified_asterisk:1.8.8.0:rc1
cpe:/a:digium:certified_asterisk:1.8.8.0:rc2
cpe:/a:digium:certified_asterisk:1.8.8.0:rc3
cpe:/a:digium:certified_asterisk:1.8.8.0:rc4
cpe:/a:digium:certified_asterisk:1.8.8.0:rc5
cpe:/a:digium:certified_asterisk:1.8.9.0:-
cpe:/a:digium:certified_asterisk:1.8.9.0:rc1
cpe:/a:digium:certified_asterisk:1.8.9.0:rc2
cpe:/a:digium:certified_asterisk:1.8.9.0:rc3
cpe:/a:digium:certified_asterisk:1.8.10.0:-
cpe:/a:digium:certified_asterisk:1.8.10.0:rc1
cpe:/a:digium:certified_asterisk:1.8.10.0:rc2
cpe:/a:digium:certified_asterisk:1.8.10.0:rc3
cpe:/a:digium:certified_asterisk:1.8.10.0:rc4
cpe:/a:digium:certified_asterisk:1.8.11.0:-
cpe:/a:digium:certified_asterisk:1.8.11.0:rc1
cpe:/a:digium:certified_asterisk:1.8.11.0:rc2
cpe:/a:digium:certified_asterisk:1.8.11.0:rc3
cpe:/a:digium:certified_asterisk:1.8.12.0:-
cpe:/a:digium:certified_asterisk:1.8.12.0:rc1
cpe:/a:digium:certified_asterisk:1.8.12.0:rc2
cpe:/a:digium:certified_asterisk:1.8.12.0:rc3
cpe:/a:digium:certified_asterisk:1.8.13.0:-
cpe:/a:digium:certified_asterisk:1.8.13.0:rc1
cpe:/a:digium:certified_asterisk:1.8.13.0:rc2
cpe:/a:digium:certified_asterisk:1.8.14.0:rc1
cpe:/a:digium:certified_asterisk:1.8.14.0:rc2
cpe:/a:digium:certified_asterisk:1.8.15:-
cpe:/a:digium:certified_asterisk:1.8.15:cert1
cpe:/a:digium:certified_asterisk:1.8.15:cert1_rc1
cpe:/a:digium:certified_asterisk:1.8.15:cert1_rc2
cpe:/a:digium:certified_asterisk:1.8.15:cert1_rc3
cpe:/a:digium:certified_asterisk:1.8.15:cert2
cpe:/a:digium:certified_asterisk:1.8.15:cert3
cpe:/a:digium:certified_asterisk:1.8.15:cert4
cpe:/a:digium:certified_asterisk:11.6:cert1
cpe:/a:digium:certified_asterisk:11.6:cert1_rc1
cpe:/a:digium:certified_asterisk:11.6:cert1_rc2
cpe:/a:digium:certified_asterisk:11.6.0:-
cpe:/a:digium:certified_asterisk:11.6.0:rc1
cpe:/a:digium:certified_asterisk:11.6.0:rc2
cpe:/o:fedoraproject:fedora:19
cpe:/o:fedoraproject:fedora:20

Date published: 2014-04-18T18:14:38.010-04:00

Date last modified: 2014-04-21T13:37:29.257-04:00

CVSS Score: 3.5

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff

Summary: channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.