Vulnerability Details CVE-2011-4598
The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.5%
CVSS Severity
CVSS v2 Score 4.3
References
- http://downloads.asterisk.org/pub/security/AST-2011-014.html
- http://openwall.com/lists/oss-security/2011/12/09/3
- http://openwall.com/lists/oss-security/2011/12/09/4
- http://osvdb.org/77598
- http://secunia.com/advisories/47273
- http://www.debian.org/security/2011/dsa-2367
- http://downloads.asterisk.org/pub/security/AST-2011-014.html
- http://openwall.com/lists/oss-security/2011/12/09/3
- http://openwall.com/lists/oss-security/2011/12/09/4
- http://osvdb.org/77598
- http://secunia.com/advisories/47273
- http://www.debian.org/security/2011/dsa-2367
Products affected by CVE-2011-4598
-
cpe:2.3:a:digium:asterisk:1.6.2.0
-
cpe:2.3:a:digium:asterisk:1.6.2.1
-
cpe:2.3:a:digium:asterisk:1.6.2.15
-
cpe:2.3:a:digium:asterisk:1.6.2.16
-
cpe:2.3:a:digium:asterisk:1.6.2.16.1
-
cpe:2.3:a:digium:asterisk:1.6.2.16.2
-
cpe:2.3:a:digium:asterisk:1.6.2.17
-
cpe:2.3:a:digium:asterisk:1.6.2.17.1
-
cpe:2.3:a:digium:asterisk:1.6.2.17.2
-
cpe:2.3:a:digium:asterisk:1.6.2.17.3
-
cpe:2.3:a:digium:asterisk:1.6.2.18
-
cpe:2.3:a:digium:asterisk:1.6.2.19
-
cpe:2.3:a:digium:asterisk:1.6.2.2
-
cpe:2.3:a:digium:asterisk:1.6.2.20
-
cpe:2.3:a:digium:asterisk:1.6.2.21
-
cpe:2.3:a:digium:asterisk:1.6.2.3
-
cpe:2.3:a:digium:asterisk:1.6.2.4
-
cpe:2.3:a:digium:asterisk:1.6.2.5
-
cpe:2.3:a:digium:asterisk:1.6.2.6
-
cpe:2.3:a:digium:asterisk:1.8.0
-
cpe:2.3:a:digium:asterisk:1.8.1
-
cpe:2.3:a:digium:asterisk:1.8.1.1
-
cpe:2.3:a:digium:asterisk:1.8.1.2
-
cpe:2.3:a:digium:asterisk:1.8.2
-
cpe:2.3:a:digium:asterisk:1.8.2.1
-
cpe:2.3:a:digium:asterisk:1.8.2.2
-
cpe:2.3:a:digium:asterisk:1.8.2.3
-
cpe:2.3:a:digium:asterisk:1.8.2.4
-
cpe:2.3:a:digium:asterisk:1.8.3
-
cpe:2.3:a:digium:asterisk:1.8.3.1
-
cpe:2.3:a:digium:asterisk:1.8.3.2
-
cpe:2.3:a:digium:asterisk:1.8.3.3
-
cpe:2.3:a:digium:asterisk:1.8.4
-
cpe:2.3:a:digium:asterisk:1.8.4.1
-
cpe:2.3:a:digium:asterisk:1.8.4.2
-
cpe:2.3:a:digium:asterisk:1.8.4.3
-
cpe:2.3:a:digium:asterisk:1.8.4.4
-
cpe:2.3:a:digium:asterisk:1.8.5
-
cpe:2.3:a:digium:asterisk:1.8.5.0
-
cpe:2.3:a:digium:asterisk:1.8.6.0
-
cpe:2.3:a:digium:asterisk:1.8.7.0
-
cpe:2.3:a:digium:asterisk:1.8.7.1