Description
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.
References (8)
Core 8
Core References
Various Sources x_refsource_misc
https://issues.asterisk.org/jira/browse/ASTERISK-19770
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/81456
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53205
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1026963
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75101
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48891
Patch, Vendor Advisory x_refsource_confirm
http://downloads.asterisk.org/pub/security/AST-2012-006.html
Scores
EPSS
0.0219
EPSS Percentile
80.3%
Details
CWE
CWE-119
Status
published
Products (22)
asterisk/open_source
1.6.2.0 (8 CPE variants)
asterisk/open_source
1.6.2.1 (2 CPE variants)
asterisk/open_source
1.6.2.2
asterisk/open_source
1.6.2.3 rc2
asterisk/open_source
1.6.2.4
asterisk/open_source
1.6.2.5
asterisk/open_source
1.6.2.6 (3 CPE variants)
asterisk/open_source
1.6.2.7 (4 CPE variants)
asterisk/open_source
1.6.2.8 (2 CPE variants)
asterisk/open_source
1.6.2.9 (4 CPE variants)
... and 12 more
Published
Apr 30, 2012
Tracked Since
Feb 18, 2026