CVE-2015-1558

Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs.

Published: Feb 9, 2015
Updated: Nov 9, 2025
CVE: CVE-2015-1558
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:N/A:P

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
digium / asterisk	13.1.0	13.1.0.x
digium / asterisk	13.1.0-rc2	13.1.0-rc2.x
digium / asterisk	12.0.0	12.0.0.x
digium / asterisk	12.3.1	12.3.1.x
digium / asterisk	13.1.0-rc1	13.1.0-rc1.x
digium / asterisk	12.3.0-rc2	12.3.0-rc2.x
digium / asterisk	12.1.0-rc3	12.1.0-rc3.x
digium / asterisk	12.7.0-rc1	12.7.0-rc1.x
digium / asterisk	13.2.0	13.2.0.x
digium / asterisk	12.4.0-rc1	12.4.0-rc1.x
digium / asterisk	12.1.1	12.1.1.x
digium / asterisk	12.7.0-rc2	12.7.0-rc2.x
digium / asterisk	13.2.0-rc1	13.2.0-rc1.x
digium / asterisk	12.2.0-rc3	12.2.0-rc3.x
digium / asterisk	12.8.0-rc2	12.8.0-rc2.x
digium / asterisk	12.1.0-rc1	12.1.0-rc1.x
digium / asterisk	12.5.0	12.5.0.x
digium / asterisk	12.8.0	12.8.0.x
digium / asterisk	12.2.0-rc2	12.2.0-rc2.x
digium / asterisk	13.0.0	13.0.0.x
digium / asterisk	12.8.1	12.8.1.x
digium / asterisk	12.3.2	12.3.2.x
digium / asterisk	12.3.0	12.3.0.x
digium / asterisk	12.5.0-rc1	12.5.0-rc1.x
digium / asterisk	12.8.0-rc1	12.8.0-rc1.x
digium / asterisk	12.4.0	12.4.0.x
digium / asterisk	12.3.0-rc1	12.3.0-rc1.x
digium / asterisk	12.6.0	12.6.0.x
digium / asterisk	12.1.0	12.1.0.x
digium / asterisk	12.7.0	12.7.0.x
digium / asterisk	12.2.0-rc1	12.2.0-rc1.x
digium / asterisk	12.2.0	12.2.0.x
digium / asterisk	12.1.0-rc2	12.1.0-rc2.x
digium / asterisk	12.6.0-rc1	12.6.0-rc1.x

Vulnerability Database

317,095

CVE-2015-1558

Deep Security Visibility Without the Complexity