CVE-2014-6609

Asterisk 12.x < 12.5.1 - Authenticated Denial of Service via SIP SUBSCRIBE Headers

Title source: llm
STIX 2.1

Description

The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://downloads.asterisk.org/pub/security/AST-2014-009.html

Scores

EPSS 0.0361
EPSS Percentile 88.1%

Details

CWE
CWE-20
Status published
Products (6)
digium/asterisk 12.0.0
digium/asterisk 12.1.0 (4 CPE variants)
digium/asterisk 12.2.0 (4 CPE variants)
digium/asterisk 12.3.0 (3 CPE variants)
digium/asterisk 12.4.0 (2 CPE variants)
digium/asterisk 12.5.0 (2 CPE variants)
Published Nov 26, 2014
Tracked Since Feb 18, 2026