CVE-2014-2287

EPSS 22.86%
Published 18.04.2014 22:14:38
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Digium ≫ Certified Asterisk Version1.8.0.0 Update-

Digium ≫ Certified Asterisk Version1.8.0.0 Updatebeta1

Digium ≫ Certified Asterisk Version1.8.0.0 Updatebeta2

Digium ≫ Certified Asterisk Version1.8.0.0 Updatebeta3

Digium ≫ Certified Asterisk Version1.8.0.0 Updatebeta4

Digium ≫ Certified Asterisk Version1.8.0.0 Updatebeta5

Digium ≫ Certified Asterisk Version1.8.0.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.0.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.0.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.0.0 Updaterc4

Digium ≫ Certified Asterisk Version1.8.0.0 Updaterc5

Digium ≫ Certified Asterisk Version1.8.1.0 Update-

Digium ≫ Certified Asterisk Version1.8.1.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.2.0 Update-

Digium ≫ Certified Asterisk Version1.8.2.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.3.0 Update-

Digium ≫ Certified Asterisk Version1.8.3.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.3.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.3.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.4.0 Update-

Digium ≫ Certified Asterisk Version1.8.4.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.4.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.4.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.5.0 Update-

Digium ≫ Certified Asterisk Version1.8.5.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.6.0 Update-

Digium ≫ Certified Asterisk Version1.8.6.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.6.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.6.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.7.0 Update-

Digium ≫ Certified Asterisk Version1.8.7.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.7.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.8.0 Update-

Digium ≫ Certified Asterisk Version1.8.8.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.8.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.8.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.8.0 Updaterc4

Digium ≫ Certified Asterisk Version1.8.8.0 Updaterc5

Digium ≫ Certified Asterisk Version1.8.9.0 Update-

Digium ≫ Certified Asterisk Version1.8.9.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.9.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.9.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.10.0 Update-

Digium ≫ Certified Asterisk Version1.8.10.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.10.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.10.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.10.0 Updaterc4

Digium ≫ Certified Asterisk Version1.8.11.0 Update-

Digium ≫ Certified Asterisk Version1.8.11.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.11.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.11.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.12.0 Update-

Digium ≫ Certified Asterisk Version1.8.12.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.12.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.12.0 Updaterc3

Digium ≫ Certified Asterisk Version1.8.13.0 Update-

Digium ≫ Certified Asterisk Version1.8.13.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.13.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.14.0 Updaterc1

Digium ≫ Certified Asterisk Version1.8.14.0 Updaterc2

Digium ≫ Certified Asterisk Version1.8.15 Update-

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1_rc1

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1_rc2

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1_rc3

Digium ≫ Certified Asterisk Version1.8.15 Updatecert2

Digium ≫ Certified Asterisk Version1.8.15 Updatecert3

Digium ≫ Certified Asterisk Version1.8.15 Updatecert4

Digium ≫ Certified Asterisk Version11.6 Updatecert1

Digium ≫ Certified Asterisk Version11.6 Updatecert1_rc1

Digium ≫ Certified Asterisk Version11.6 Updatecert1_rc2

Digium ≫ Certified Asterisk Version11.6.0 Update-

Digium ≫ Certified Asterisk Version11.6.0 Updaterc1

Digium ≫ Certified Asterisk Version11.6.0 Updaterc2

Digium ≫ Asterisk Version1.8.0

Digium ≫ Asterisk Version1.8.0 Updatebeta1

Digium ≫ Asterisk Version1.8.0 Updatebeta2

Digium ≫ Asterisk Version1.8.0 Updatebeta3

Digium ≫ Asterisk Version1.8.0 Updatebeta4

Digium ≫ Asterisk Version1.8.0 Updatebeta5

Digium ≫ Asterisk Version1.8.0 Updaterc2

Digium ≫ Asterisk Version1.8.0 Updaterc3

Digium ≫ Asterisk Version1.8.0 Updaterc4

Digium ≫ Asterisk Version1.8.0 Updaterc5

Digium ≫ Asterisk Version1.8.1

Digium ≫ Asterisk Version1.8.1 Updaterc1

Digium ≫ Asterisk Version1.8.1.1

Digium ≫ Asterisk Version1.8.1.2

Digium ≫ Asterisk Version1.8.2

Digium ≫ Asterisk Version1.8.2.1

Digium ≫ Asterisk Version1.8.2.2

Digium ≫ Asterisk Version1.8.2.3

Digium ≫ Asterisk Version1.8.2.4

Digium ≫ Asterisk Version1.8.3

Digium ≫ Asterisk Version1.8.3 Updaterc1

Digium ≫ Asterisk Version1.8.3 Updaterc2

Digium ≫ Asterisk Version1.8.3 Updaterc3

Digium ≫ Asterisk Version1.8.3.1

Digium ≫ Asterisk Version1.8.3.2

Digium ≫ Asterisk Version1.8.3.3

Digium ≫ Asterisk Version1.8.4

Digium ≫ Asterisk Version1.8.4 Updaterc1

Digium ≫ Asterisk Version1.8.4 Updaterc2

Digium ≫ Asterisk Version1.8.4 Updaterc3

Digium ≫ Asterisk Version1.8.4.1

Digium ≫ Asterisk Version1.8.4.2

Digium ≫ Asterisk Version1.8.4.3

Digium ≫ Asterisk Version1.8.4.4

Digium ≫ Asterisk Version1.8.5

Digium ≫ Asterisk Version1.8.5 Updaterc1

Digium ≫ Asterisk Version1.8.5.0

Digium ≫ Asterisk Version1.8.6.0

Digium ≫ Asterisk Version1.8.6.0 Updaterc1

Digium ≫ Asterisk Version1.8.6.0 Updaterc2

Digium ≫ Asterisk Version1.8.6.0 Updaterc3

Digium ≫ Asterisk Version1.8.7.0

Digium ≫ Asterisk Version1.8.7.0 Updaterc1

Digium ≫ Asterisk Version1.8.7.0 Updaterc2

Digium ≫ Asterisk Version1.8.7.1

Digium ≫ Asterisk Version1.8.8.0

Digium ≫ Asterisk Version1.8.8.0 Update-

Digium ≫ Asterisk Version1.8.8.0 Updatepatch

Digium ≫ Asterisk Version1.8.8.0 Updaterc1

Digium ≫ Asterisk Version1.8.8.0 Updaterc2

Digium ≫ Asterisk Version1.8.8.0 Updaterc3

Digium ≫ Asterisk Version1.8.8.0 Updaterc4

Digium ≫ Asterisk Version1.8.8.0 Updaterc5

Digium ≫ Asterisk Version1.8.8.1

Digium ≫ Asterisk Version1.8.8.2

Digium ≫ Asterisk Version1.8.9.0

Digium ≫ Asterisk Version1.8.9.0 Update-

Digium ≫ Asterisk Version1.8.9.0 Updaterc1

Digium ≫ Asterisk Version1.8.9.0 Updaterc2

Digium ≫ Asterisk Version1.8.9.0 Updaterc3

Digium ≫ Asterisk Version1.8.9.1

Digium ≫ Asterisk Version1.8.9.2

Digium ≫ Asterisk Version1.8.9.3

Digium ≫ Asterisk Version1.8.10.0

Digium ≫ Asterisk Version1.8.10.0 Update-

Digium ≫ Asterisk Version1.8.10.0 Updaterc1

Digium ≫ Asterisk Version1.8.10.0 Updaterc2

Digium ≫ Asterisk Version1.8.10.0 Updaterc3

Digium ≫ Asterisk Version1.8.10.0 Updaterc4

Digium ≫ Asterisk Version1.8.10.1

Digium ≫ Asterisk Version1.8.11.0

Digium ≫ Asterisk Version1.8.11.0 Update-

Digium ≫ Asterisk Version1.8.11.0 Updatepatch

Digium ≫ Asterisk Version1.8.11.0 Updaterc2

Digium ≫ Asterisk Version1.8.11.0 Updaterc3

Digium ≫ Asterisk Version1.8.11.1

Digium ≫ Asterisk Version1.8.11.1 Update-

Digium ≫ Asterisk Version1.8.11.1 Updatepatch

Digium ≫ Asterisk Version1.8.12

Digium ≫ Asterisk Version1.8.12.0

Digium ≫ Asterisk Version1.8.12.0 Update-

Digium ≫ Asterisk Version1.8.12.0 Updaterc1

Digium ≫ Asterisk Version1.8.12.0 Updaterc2

Digium ≫ Asterisk Version1.8.12.0 Updaterc3

Digium ≫ Asterisk Version1.8.12.1

Digium ≫ Asterisk Version1.8.12.2

Digium ≫ Asterisk Version1.8.13.0

Digium ≫ Asterisk Version1.8.13.0 Updaterc1

Digium ≫ Asterisk Version1.8.13.0 Updaterc2

Digium ≫ Asterisk Version1.8.13.1

Digium ≫ Asterisk Version1.8.14.0 Update-

Digium ≫ Asterisk Version1.8.14.0 Updatepatch

Digium ≫ Asterisk Version1.8.14.0 Updaterc1

Digium ≫ Asterisk Version1.8.14.0 Updaterc2

Digium ≫ Asterisk Version1.8.14.1

Digium ≫ Asterisk Version1.8.14.1 Update-

Digium ≫ Asterisk Version1.8.14.1 Updatepatch

Digium ≫ Asterisk Version1.8.15.0

Digium ≫ Asterisk Version1.8.15.0 Update-

Digium ≫ Asterisk Version1.8.15.0 Updaterc1

Digium ≫ Asterisk Version1.8.15.1

Digium ≫ Asterisk Version1.8.16.0

Digium ≫ Asterisk Version1.8.16.0 Update-

Digium ≫ Asterisk Version1.8.16.0 Updaterc1

Digium ≫ Asterisk Version1.8.16.0 Updaterc2

Digium ≫ Asterisk Version1.8.17.0

Digium ≫ Asterisk Version1.8.17.0 Update-

Digium ≫ Asterisk Version1.8.17.0 Updatepatch

Digium ≫ Asterisk Version1.8.17.0 Updaterc1

Digium ≫ Asterisk Version1.8.17.0 Updaterc2

Digium ≫ Asterisk Version1.8.17.0 Updaterc3

Digium ≫ Asterisk Version1.8.18.0

Digium ≫ Asterisk Version1.8.18.0 Update-

Digium ≫ Asterisk Version1.8.18.0 Updaterc1

Digium ≫ Asterisk Version1.8.18.1

Digium ≫ Asterisk Version1.8.19.0

Digium ≫ Asterisk Version1.8.19.0 Update-

Digium ≫ Asterisk Version1.8.19.0 Updaterc1

Digium ≫ Asterisk Version1.8.19.0 Updaterc3

Digium ≫ Asterisk Version1.8.19.1

Digium ≫ Asterisk Version1.8.20.0 Update-

Digium ≫ Asterisk Version1.8.20.0 Updatepatch

Digium ≫ Asterisk Version1.8.20.0 Updaterc1

Digium ≫ Asterisk Version1.8.20.0 Updaterc2

Digium ≫ Asterisk Version1.8.20.1 Update-

Digium ≫ Asterisk Version1.8.20.1 Updatepatch

Digium ≫ Asterisk Version1.8.20.2 Update-

Digium ≫ Asterisk Version1.8.20.2 Updatepatch

Digium ≫ Asterisk Version1.8.21.0 Update-

Digium ≫ Asterisk Version1.8.21.0 Updaterc1

Digium ≫ Asterisk Version1.8.21.0 Updaterc2

Digium ≫ Asterisk Version1.8.22.0 Update-

Digium ≫ Asterisk Version1.8.22.0 Updaterc1

Digium ≫ Asterisk Version1.8.22.0 Updaterc2

Digium ≫ Asterisk Version1.8.23.0 Update-

Digium ≫ Asterisk Version1.8.23.0 Updatepatch

Digium ≫ Asterisk Version1.8.23.0 Updaterc1

Digium ≫ Asterisk Version1.8.23.0 Updaterc2

Digium ≫ Asterisk Version1.8.23.1

Digium ≫ Asterisk Version1.8.24.0 Update-

Digium ≫ Asterisk Version1.8.24.0 Updaterc1

Digium ≫ Asterisk Version1.8.24.0 Updaterc2

Digium ≫ Asterisk Version1.8.24.1

Digium ≫ Asterisk Version1.8.25.0 Update-

Digium ≫ Asterisk Version1.8.25.0 Updaterc1

Digium ≫ Asterisk Version1.8.25.0 Updaterc2

Digium ≫ Asterisk Version1.8.26.0 Update-

Digium ≫ Asterisk Version1.8.26.0 Updaterc1

Digium ≫ Asterisk Version11.8.0 Update-

Digium ≫ Asterisk Version11.8.0 Updaterc1

Digium ≫ Asterisk Version11.8.0 Updaterc2

Digium ≫ Asterisk Version11.8.0 Updaterc3

Digium ≫ Asterisk Version12.1.0 Update-

Digium ≫ Asterisk Version12.1.0 Updaterc1

Digium ≫ Asterisk Version12.1.0 Updaterc2

Digium ≫ Asterisk Version12.1.0 Updaterc3

Fedoraproject ≫ Fedora Version19

Fedoraproject ≫ Fedora Version20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	22.86%	0.957

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html

http://www.mandriva.com/security/advisories?name=MDVSA-2014:078

http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff

Patch

http://downloads.asterisk.org/pub/security/AST-2014-002.html

Patch

Vendor Advisory

http://www.securityfocus.com/bid/66094

https://issues.asterisk.org/jira/browse/ASTERISK-23373

https://nvd.nist.gov/vuln/detail/CVE-2014-2287

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-2287

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-2287

EUVD