Vulnerability Details CVE-2014-8416

Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.5%
CVSS Severity
CVSS v2 Score 5.0
Products affected by CVE-2014-8416
  • Digium » Asterisk » Version: 12.0.0
    cpe:2.3:a:digium:asterisk:12.0.0
  • Digium » Asterisk » Version: 12.1.0
    cpe:2.3:a:digium:asterisk:12.1.0
  • Digium » Asterisk » Version: 12.1.1
    cpe:2.3:a:digium:asterisk:12.1.1
  • Digium » Asterisk » Version: 12.2.0
    cpe:2.3:a:digium:asterisk:12.2.0
  • Digium » Asterisk » Version: 12.3.0
    cpe:2.3:a:digium:asterisk:12.3.0
  • Digium » Asterisk » Version: 12.3.1
    cpe:2.3:a:digium:asterisk:12.3.1
  • Digium » Asterisk » Version: 12.3.2
    cpe:2.3:a:digium:asterisk:12.3.2
  • Digium » Asterisk » Version: 12.4.0
    cpe:2.3:a:digium:asterisk:12.4.0
  • Digium » Asterisk » Version: 12.5.0
    cpe:2.3:a:digium:asterisk:12.5.0
  • Digium » Asterisk » Version: 12.5.1
    cpe:2.3:a:digium:asterisk:12.5.1
  • Digium » Asterisk » Version: 12.6.0
    cpe:2.3:a:digium:asterisk:12.6.0
  • Digium » Asterisk » Version: 12.6.1
    cpe:2.3:a:digium:asterisk:12.6.1
  • Digium » Asterisk » Version: 12.7.0
    cpe:2.3:a:digium:asterisk:12.7.0
  • Digium » Asterisk » Version: 13.0.0
    cpe:2.3:a:digium:asterisk:13.0.0
