Vulnerability Details CVE-2016-2316
chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.2%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 7.1
References
- http://downloads.asterisk.org/pub/security/AST-2016-002.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html
- http://www.debian.org/security/2016/dsa-3700
- http://www.securityfocus.com/bid/82651
- http://www.securitytracker.com/id/1034930
- http://downloads.asterisk.org/pub/security/AST-2016-002.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html
- http://www.debian.org/security/2016/dsa-3700
- http://www.securityfocus.com/bid/82651
- http://www.securitytracker.com/id/1034930
Products affected by CVE-2016-2316
-
cpe:2.3:a:digium:asterisk:1.8.0
-
cpe:2.3:a:digium:asterisk:1.8.1
-
cpe:2.3:a:digium:asterisk:1.8.1.1
-
cpe:2.3:a:digium:asterisk:1.8.1.2
-
cpe:2.3:a:digium:asterisk:1.8.10.0
-
cpe:2.3:a:digium:asterisk:1.8.10.1
-
cpe:2.3:a:digium:asterisk:1.8.11.0
-
cpe:2.3:a:digium:asterisk:1.8.11.1
-
cpe:2.3:a:digium:asterisk:1.8.12
-
cpe:2.3:a:digium:asterisk:1.8.12.0
-
cpe:2.3:a:digium:asterisk:1.8.12.1
-
cpe:2.3:a:digium:asterisk:1.8.12.2
-
cpe:2.3:a:digium:asterisk:1.8.13.0
-
cpe:2.3:a:digium:asterisk:1.8.13.1
-
cpe:2.3:a:digium:asterisk:1.8.14.0
-
cpe:2.3:a:digium:asterisk:1.8.14.1
-
cpe:2.3:a:digium:asterisk:1.8.15.0
-
cpe:2.3:a:digium:asterisk:1.8.15.1
-
cpe:2.3:a:digium:asterisk:1.8.16.0
-
cpe:2.3:a:digium:asterisk:1.8.17.0
-
cpe:2.3:a:digium:asterisk:1.8.18.0
-
cpe:2.3:a:digium:asterisk:1.8.18.1
-
cpe:2.3:a:digium:asterisk:1.8.19.0
-
cpe:2.3:a:digium:asterisk:1.8.19.1
-
cpe:2.3:a:digium:asterisk:1.8.2
-
cpe:2.3:a:digium:asterisk:1.8.2.1
-
cpe:2.3:a:digium:asterisk:1.8.2.2
-
cpe:2.3:a:digium:asterisk:1.8.2.3
-
cpe:2.3:a:digium:asterisk:1.8.2.4
-
cpe:2.3:a:digium:asterisk:1.8.20.0
-
cpe:2.3:a:digium:asterisk:1.8.20.1
-
cpe:2.3:a:digium:asterisk:1.8.20.2
-
cpe:2.3:a:digium:asterisk:1.8.21.0
-
cpe:2.3:a:digium:asterisk:1.8.22.0
-
cpe:2.3:a:digium:asterisk:1.8.23.0
-
cpe:2.3:a:digium:asterisk:1.8.23.1
-
cpe:2.3:a:digium:asterisk:1.8.24.0
-
cpe:2.3:a:digium:asterisk:1.8.24.1
-
cpe:2.3:a:digium:asterisk:1.8.25.0
-
cpe:2.3:a:digium:asterisk:1.8.26.0
-
cpe:2.3:a:digium:asterisk:1.8.26.1
-
cpe:2.3:a:digium:asterisk:1.8.27.0
-
cpe:2.3:a:digium:asterisk:1.8.28.0
-
cpe:2.3:a:digium:asterisk:1.8.28.1
-
cpe:2.3:a:digium:asterisk:1.8.28.2
-
cpe:2.3:a:digium:asterisk:1.8.3
-
cpe:2.3:a:digium:asterisk:1.8.3.1
-
cpe:2.3:a:digium:asterisk:1.8.3.2
-
cpe:2.3:a:digium:asterisk:1.8.3.3
-
cpe:2.3:a:digium:asterisk:1.8.32.0
-
cpe:2.3:a:digium:asterisk:1.8.4
-
cpe:2.3:a:digium:asterisk:1.8.4.1
-
cpe:2.3:a:digium:asterisk:1.8.4.2
-
cpe:2.3:a:digium:asterisk:1.8.4.3
-
cpe:2.3:a:digium:asterisk:1.8.4.4
-
cpe:2.3:a:digium:asterisk:1.8.5
-
cpe:2.3:a:digium:asterisk:1.8.5.0
-
cpe:2.3:a:digium:asterisk:1.8.6.0
-
cpe:2.3:a:digium:asterisk:1.8.7.0
-
cpe:2.3:a:digium:asterisk:1.8.7.1
-
cpe:2.3:a:digium:asterisk:1.8.8.0
-
cpe:2.3:a:digium:asterisk:1.8.8.1
-
cpe:2.3:a:digium:asterisk:1.8.8.2
-
cpe:2.3:a:digium:asterisk:1.8.9.0
-
cpe:2.3:a:digium:asterisk:1.8.9.1
-
cpe:2.3:a:digium:asterisk:1.8.9.2
-
cpe:2.3:a:digium:asterisk:1.8.9.3
-
cpe:2.3:a:digium:asterisk:11.0.0
-
cpe:2.3:a:digium:asterisk:11.0.1
-
cpe:2.3:a:digium:asterisk:11.0.2
-
cpe:2.3:a:digium:asterisk:11.1.0
-
cpe:2.3:a:digium:asterisk:11.1.1
-
cpe:2.3:a:digium:asterisk:11.1.2
-
cpe:2.3:a:digium:asterisk:11.10.0
-
cpe:2.3:a:digium:asterisk:11.10.1
-
cpe:2.3:a:digium:asterisk:11.11.0
-
cpe:2.3:a:digium:asterisk:11.12.0
-
cpe:2.3:a:digium:asterisk:11.13.0
-
cpe:2.3:a:digium:asterisk:11.14.0
-
cpe:2.3:a:digium:asterisk:11.15.0
-
cpe:2.3:a:digium:asterisk:11.16.0
-
cpe:2.3:a:digium:asterisk:11.17.0
-
cpe:2.3:a:digium:asterisk:11.18.0
-
cpe:2.3:a:digium:asterisk:11.19.0
-
cpe:2.3:a:digium:asterisk:11.2.0
-
cpe:2.3:a:digium:asterisk:11.20.0
-
cpe:2.3:a:digium:asterisk:11.21.0
-
cpe:2.3:a:digium:asterisk:11.4.0
-
cpe:2.3:a:digium:asterisk:11.6.0
-
cpe:2.3:a:digium:asterisk:11.7.0
-
cpe:2.3:a:digium:asterisk:11.8.0
-
cpe:2.3:a:digium:asterisk:11.8.1
-
cpe:2.3:a:digium:asterisk:11.9.0
-
cpe:2.3:a:digium:asterisk:12.0.0
-
cpe:2.3:a:digium:asterisk:12.1.0
-
cpe:2.3:a:digium:asterisk:12.1.1
-
cpe:2.3:a:digium:asterisk:12.2.0
-
cpe:2.3:a:digium:asterisk:12.3.0
-
cpe:2.3:a:digium:asterisk:12.3.1
-
cpe:2.3:a:digium:asterisk:12.3.2
-
cpe:2.3:a:digium:asterisk:12.4.0
-
cpe:2.3:a:digium:asterisk:12.5.0
-
cpe:2.3:a:digium:asterisk:12.6.0
-
cpe:2.3:a:digium:asterisk:12.7.0
-
cpe:2.3:a:digium:asterisk:12.7.1
-
cpe:2.3:a:digium:asterisk:12.8.0
-
cpe:2.3:a:digium:asterisk:12.8.1
-
cpe:2.3:a:digium:asterisk:12.8.2
-
cpe:2.3:a:digium:asterisk:13.0.0
-
cpe:2.3:a:digium:asterisk:13.0.1
-
cpe:2.3:a:digium:asterisk:13.1.0
-
cpe:2.3:a:digium:asterisk:13.2.0
-
cpe:2.3:a:digium:asterisk:13.3.0
-
cpe:2.3:a:digium:asterisk:13.4.0
-
cpe:2.3:a:digium:asterisk:13.5.0
-
cpe:2.3:a:digium:asterisk:13.6.0
-
cpe:2.3:a:digium:asterisk:13.7.0
-
cpe:2.3:a:digium:certified_asterisk:1.8.28
-
cpe:2.3:a:digium:certified_asterisk:11.6
-
cpe:2.3:a:digium:certified_asterisk:11.6.0
-
cpe:2.3:a:digium:certified_asterisk:13.1
-
cpe:2.3:a:digium:certified_asterisk:13.1.0
-
cpe:2.3:o:fedoraproject:fedora:22
-
cpe:2.3:o:fedoraproject:fedora:23