CVE-2014-2288

Asterisk 12.x < 12.1.1 - Denial of Service via PJSIP OPTIONS Request Handling

Title source: llm
STIX 2.1

Description

The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.

References (5)

Core 5
Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html
Various Sources x_refsource_confirm
https://issues.asterisk.org/jira/browse/ASTERISK-23210

Scores

EPSS 0.0435
EPSS Percentile 90.1%

Details

CWE
CWE-20
Status published
Products (2)
digium/asterisk 12.0.0
digium/asterisk 12.1.0 (4 CPE variants)
Published Apr 18, 2014
Tracked Since Feb 18, 2026