Vulnerability Database

290,206

Total vulnerabilities in the database

CVE-2014-2288

The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.

  • Published: Apr 19, 2014
  • Updated: Apr 13, 2023
  • CVE: CVE-2014-2288
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

Software From Fixed in
digium / asterisk 12.0.0 12.0.0.x
digium / asterisk 12.1.0-rc3 12.1.0-rc3.x
digium / asterisk 12.1.0-rc1 12.1.0-rc1.x
digium / asterisk 12.1.0 12.1.0.x
digium / asterisk 12.1.0-rc2 12.1.0-rc2.x