Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*
There are 24 matching records.
Displaying matches 21 through 24.
Vuln ID Summary CVSS Severity
CVE-2014-4045

The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.

Published: June 17, 2014; 10:55:07 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-2289

res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.

Published: April 18, 2014; 6:14:38 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-2288

The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.

Published: April 18, 2014; 6:14:38 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-0495

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.

Published: January 20, 2011; 2:00:08 PM -0500
V3.x:(not available)
V2.0: 6.0 MEDIUM