CVE-2014-4048
Asterisk Project Security Advisory - AST-2014-008
Public Exploits: 0
Exploited in Wild: -
Descriptions
The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.
When a SIP transaction timeout caused a subscription to be terminated, the action taken by Asterisk was guaranteed to deadlock the thread on which SIP requests are serviced. Note that this behavior could only happen on established subscriptions, meaning that this could only be exploited if an attacker bypassed authentication and successfully subscribed to a real resource on the Asterisk server.
Timeline
- 2014-06-12 CVE Reserved
- 2014-06-13 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
References (3)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html | X_refsource_misc | |
http://www.securityfocus.com/archive/1/532416/100/0/threaded | Mailing List | |

URL | Date | SRC |
---|---|---|
http://downloads.asterisk.org/pub/security/AST-2014-008.html | 2018-10-09 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Digium | Asterisk | <= 12.3.0 | - | Affected |
Digium | Asterisk | 12.0.0 | - | Affected |
Digium | Asterisk | 12.1.0 | - | Affected |
Digium | Asterisk | 12.1.0 | rc1 | Affected |
Digium | Asterisk | 12.1.0 | rc2 | Affected |
Digium | Asterisk | 12.1.0 | rc3 | Affected |
Digium | Asterisk | 12.1.1 | - | Affected |
Digium | Asterisk | 12.2.0 | - | Affected |
Digium | Asterisk | 12.2.0 | rc1 | Affected |
Digium | Asterisk | 12.2.0 | rc2 | Affected |
Digium | Asterisk | 12.2.0 | rc3 | Affected |
Digium | Asterisk | 12.3.0 | rc1 | Affected |
Digium | Asterisk | 12.3.0 | rc2 | Affected |