CVE-2014-6609
Asterisk 12.x < 12.5.1 - Authenticated Denial of Service via SIP SUBSCRIBE Headers
Title source: llmDescription
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://downloads.asterisk.org/pub/security/AST-2014-009.html
Scores
EPSS
0.0361
EPSS Percentile
88.1%
Details
CWE
CWE-20
Status
published
Products (6)
digium/asterisk
12.0.0
digium/asterisk
12.1.0 (4 CPE variants)
digium/asterisk
12.2.0 (4 CPE variants)
digium/asterisk
12.3.0 (3 CPE variants)
digium/asterisk
12.4.0 (2 CPE variants)
digium/asterisk
12.5.0 (2 CPE variants)
Published
Nov 26, 2014
Tracked Since
Feb 18, 2026