CVE-2013-5642

EPSS 5.08%
Published 09.09.2013 17:55:06
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Digium ≫ Asterisk Version1.8.17.0

Digium ≫ Asterisk Version1.8.17.0 Updaterc1

Digium ≫ Asterisk Version1.8.17.0 Updaterc2

Digium ≫ Asterisk Version1.8.17.0 Updaterc3

Digium ≫ Asterisk Version1.8.18.0

Digium ≫ Asterisk Version1.8.18.0 Updaterc1

Digium ≫ Asterisk Version1.8.18.1

Digium ≫ Asterisk Version1.8.19.0

Digium ≫ Asterisk Version1.8.19.0 Updaterc1

Digium ≫ Asterisk Version1.8.19.0 Updaterc3

Digium ≫ Asterisk Version1.8.19.1

Digium ≫ Asterisk Version1.8.20.0

Digium ≫ Asterisk Version1.8.20.0 Updaterc1

Digium ≫ Asterisk Version1.8.20.0 Updaterc2

Digium ≫ Asterisk Version1.8.21.0 Updaterc1

Digium ≫ Asterisk Version1.8.21.0 Updaterc2

Digium ≫ Asterisk Version1.8.22.0

Digium ≫ Asterisk Version1.8.22.0 Updaterc1

Digium ≫ Asterisk Version1.8.22.0 Updaterc2

Digium ≫ Asterisk Version1.8.23.0

Digium ≫ Asterisk Version1.8.23.0 Updaterc1

Digium ≫ Asterisk Version1.8.23.0 Updaterc2

Digium ≫ Asterisk Version10.10.0

Digium ≫ Asterisk Version10.10.0 Updaterc1

Digium ≫ Asterisk Version10.10.0 Updaterc2

Digium ≫ Asterisk Version10.11.0

Digium ≫ Asterisk Version10.11.0 Updaterc1

Digium ≫ Asterisk Version10.11.0 Updaterc2

Digium ≫ Asterisk Version10.11.0 Updaterc3

Digium ≫ Asterisk Version10.12.0

Digium ≫ Asterisk Version10.12.0 Updaterc1

Digium ≫ Asterisk Version10.12.0 Updaterc2

Digium ≫ Asterisk Version10.12.1

Digium ≫ Asterisk Version10.12.2

Digium ≫ Asterisk Version11.0.0

Digium ≫ Asterisk Version11.0.0 Updatebeta1

Digium ≫ Asterisk Version11.0.0 Updatebeta2

Digium ≫ Asterisk Version11.0.0 Updaterc1

Digium ≫ Asterisk Version11.0.0 Updaterc2

Digium ≫ Asterisk Version11.0.1

Digium ≫ Asterisk Version11.0.2

Digium ≫ Asterisk Version11.1.0

Digium ≫ Asterisk Version11.1.0 Updaterc1

Digium ≫ Asterisk Version11.1.0 Updaterc3

Digium ≫ Asterisk Version11.1.1

Digium ≫ Asterisk Version11.1.2

Digium ≫ Asterisk Version11.2.0 Updaterc1

Digium ≫ Asterisk Version11.2.0 Updaterc2

Digium ≫ Asterisk Version11.3.0 Updaterc1

Digium ≫ Asterisk Version11.3.0 Updaterc2

Digium ≫ Asterisk Version11.4.0

Digium ≫ Asterisk Version11.4.0 Updaterc1

Digium ≫ Asterisk Version11.4.0 Updaterc2

Digium ≫ Asterisk Version11.4.0 Updaterc3

Digium ≫ Asterisk Version11.5.0

Digium ≫ Asterisk Version11.5.0 Updaterc1

Digium ≫ Asterisk Version11.5.0 Updaterc2

Digium ≫ Asterisk Version11.5.1

Digium ≫ Asterisk Digiumphones Version10.0.0

Digium ≫ Asterisk Digiumphones Version10.0.0 Updaterc1

Digium ≫ Asterisk Digiumphones Version10.0.0 Updaterc2

Digium ≫ Asterisk Digiumphones Version10.11.0

Digium ≫ Asterisk Digiumphones Version10.11.0 Updaterc1

Digium ≫ Asterisk Digiumphones Version10.11.0 Updaterc2

Digium ≫ Asterisk Digiumphones Version10.11.0 Updaterc3

Digium ≫ Asterisk Digiumphones Version10.12.0

Digium ≫ Asterisk Digiumphones Version10.12.0 Updaterc1

Digium ≫ Asterisk Digiumphones Version10.12.0 Updaterc2

Digium ≫ Asterisk Digiumphones Version10.12.1

Digium ≫ Asterisk Digiumphones Version10.12.2

Digium ≫ Certified Asterisk Version1.8.15

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1-rc1

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1-rc2

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1-rc3

Digium ≫ Certified Asterisk Version1.8.15 Updatecert2

Digium ≫ Certified Asterisk Version1.8.15 Updaterc1

Digium ≫ Certified Asterisk Version11.2.0

Digium ≫ Certified Asterisk Version11.2.0 Updatecert1

Digium ≫ Certified Asterisk Version11.2.0 Updaterc1

Digium ≫ Certified Asterisk Version11.2.0 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.08%	0.894

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/54534

Vendor Advisory

http://secunia.com/advisories/54617

http://www.debian.org/security/2013/dsa-2749

http://www.mandriva.com/security/advisories?name=MDVSA-2013:223

http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html

http://downloads.asterisk.org/pub/security/AST-2013-005.html

Patch

Vendor Advisory

http://osvdb.org/96690

http://www.securityfocus.com/bid/62022

http://www.securitytracker.com/id/1028957

https://issues.asterisk.org/jira/browse/ASTERISK-22007

https://nvd.nist.gov/vuln/detail/CVE-2013-5642

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-5642

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-5642

EUVD