CVE-2013-5642

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 1.8.x through 1.8.22 Asterisk Open Source versions 10.x through 10.12.2 Asterisk Open Source versions 11.x through 11.4 Certified Asterisk versions 1.8.15 through 1.8.15-cert2 Certified Asterisk versions 11.2 through 11.2-cert1 Asterisk Digiumphones versions 10.x-digiumphones through 10.12.2-digiumphones

Description The issue allows remote attackers to cause a denial of service via an invalid SDP in a SIP request. This can result in a NULL pointer dereference, segmentation fault, and daemon crash. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations For Asterisk Open Source versions 1.8.x through 1.8.22, update to version 1.8.23.1 or later. For Asterisk Open Source versions 10.x through 10.12.2, update to version 10.12.3 or later. For Asterisk Open Source versions 11.x through 11.4, update to version 11.5.1 or later. For Certified Asterisk versions 1.8.15 through 1.8.15-cert2, update to version 1.8.15-cert3 or later. For Certified Asterisk versions 11.2 through 11.2-cert1, update to version 11.2-cert2 or later. For Asterisk Digiumphones versions 10.x-digiumphones through 10.12.2-digiumphones, update to version 10.12.3-digiumphones or later.