CVE-2013-5642
Asterisk 1.8.x < 1.8.23.1, 10.x < 10.12.3, 11.x < 11.5.1 - Denial of Service via Invalid SDP in SIP Request
Title source: llmDescription
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.
References (10)
Core 10
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/54534
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/96690
Patch, Vendor Advisory x_refsource_confirm
http://downloads.asterisk.org/pub/security/AST-2013-005.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/54617
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2749
Various Sources x_refsource_confirm
https://issues.asterisk.org/jira/browse/ASTERISK-22007
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1028957
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/62022
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:223
Scores
EPSS
0.1165
EPSS Percentile
95.5%
Details
CWE
CWE-20
Status
published
Products (22)
digium/asterisk
1.8.17.0 (4 CPE variants)
digium/asterisk
1.8.18.0 (2 CPE variants)
digium/asterisk
1.8.18.1
digium/asterisk
1.8.19.0 (3 CPE variants)
digium/asterisk
1.8.19.1
digium/asterisk
1.8.20.0 (3 CPE variants)
digium/asterisk
1.8.21.0 rc1 (2 CPE variants)
digium/asterisk
1.8.22.0 (3 CPE variants)
digium/asterisk
1.8.23.0 (3 CPE variants)
digium/asterisk
10.10.0 (3 CPE variants)
... and 12 more
Published
Sep 09, 2013
Tracked Since
Feb 18, 2026