fkie_nvd - fkie_cve-2014-6609

fkie_cve-2014-6609

Vulnerability from fkie_nvd

Published

2014-11-26 15:59

Modified

2025-04-12 10:46

Severity ?

Summary

The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

References

	URL	Tags
	cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-009.html	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-009.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	12.0.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.4.0
digium	asterisk	12.4.0
digium	asterisk	12.5.0
digium	asterisk	12.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B53364B-5278-46E9-961A-192CA334CB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo res_pjsip_pubsub en Asterisk Open Source 12.x anterior a 12.5.1 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de cabeceras manipuladas en una solicitud SIP SUBSCRIBE para un paquete de eventos."
    }
  ],
  "id": "CVE-2014-6609",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-26T15:59:01.447",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-009.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2014-6609 (GCVE-0-2014-6609)

Vulnerability from cvelistv5

Published

2014-11-26 15:00

Modified

2024-08-06 12:24

Severity ?

CWE

Summary

References

URL

Tags

http://downloads.asterisk.org/pub/security/AST-2014-009.html

x_refsource_CONFIRM