Skip to main content

Asterisk CVE-2013-5641

MEDIUM
Buffer Overflow (CWE-119)
2013-09-09 cve@mitre.org
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Sep 09, 2013 - 17:55 cve.org
MEDIUM 5.0

DescriptionCVE.org

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information.

AnalysisAI

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information. Affected products include: Digium Asterisk, Digium Certified Asterisk. Version information: through 1.8.22..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2017-17090 HIGH POC
7.5 Dec 02

An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and old

CVE-2012-1184 HIGH POC
7.5 Sep 18

Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x

CVE-2017-14100 CRITICAL
9.8 Sep 02

In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cer

CVE-2017-14098 HIGH
7.5 Sep 02

In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel

CVE-2014-9374 MEDIUM
5.0 Dec 12

Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.

CVE-2017-17850 HIGH
7.5 Dec 27

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. Ra

CVE-2017-7617 HIGH
8.8 Apr 10

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asteris

CVE-2015-3008 MEDIUM
4.3 Apr 10

Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified

CVE-2021-32558 HIGH POC
7.5 Jul 30

An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x befor

CVE-2018-19278 HIGH POC
7.5 Nov 14

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote

CVE-2018-7284 HIGH POC
7.5 Feb 22

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Ce

CVE-2012-5976 MEDIUM
5.0 Jan 04

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x

Share

CVE-2013-5641 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy