CVE-2014-6609

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions prior to 12.5.1

Description The issue allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package. This is related to the res pjsip pubsub module.

Recommendations For versions prior to 12.5.1, update to version 12.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the res pjsip pubsub module to minimize the risk of exploitation.