CVE-2013-5641

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 1.8.17.x through 1.8.22.x Asterisk Open Source version 1.8.23.x before 1.8.23.1 Asterisk Open Source versions 11.x before 11.5.1 Certified Asterisk version 1.8.15 before 1.8.15-cert3 Certified Asterisk version 11.2 before 11.2-cert2

Description The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference, segmentation fault, and daemon crash. This can be achieved via an ACK with SDP to a previously terminated channel.

Recommendations For Asterisk Open Source versions 1.8.17.x through 1.8.22.x, update to version 1.8.23.1 or later. For Asterisk Open Source version 1.8.23.x before 1.8.23.1, update to version 1.8.23.1 or later. For Asterisk Open Source versions 11.x before 11.5.1, update to version 11.5.1 or later. For Certified Asterisk version 1.8.15 before 1.8.15-cert3, update to version 1.8.15-cert3 or later. For Certified Asterisk version 11.2 before 11.2-cert2, update to version 11.2-cert2 or later.