VDB
CVE-2013-5642
CVE-2013-5642
REJECTED
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.
EPSS 5.08% · 90.0th percentile
Risk Scores
EPSS Score
5.08%
90.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | asterisk | 0, *, 1:11.6.0~dfsg-3ubuntu1 |
Exploit Intelligence
- 54534 (circl)
- 96690 (circl)
- http://downloads.asterisk.org/pub/security/AST-2013-005.html (circl)
- 54617 (circl)
- DSA-2749 (circl)
- https://issues.asterisk.org/jira/browse/ASTERISK-22007 (circl)
- 1028957 (circl)
- 62022 (circl)
- 20130827 AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request (circl)
- MDVSA-2013:223 (circl)
Timeline
- Sep 9, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Apr 22, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Oct 29, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2013-5642 third-party-advisory
- http://downloads.asterisk.org/pub/security/AST-2013-005.html third-party-advisory
- http://www.openwall.com/lists/oss-security/2013/08/28 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2013-5642 third-party-advisory