Vulnerability Details : CVE-2013-5641
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information.
Vulnerability categories: Overflow, Memory Corruption, Denial of Service
Threat overview for CVE-2013-5641
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2013-5641: 121
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2013-5641
Probability of exploitation activity in the next 30 days: 84.26%
Percentile (the proportion of vulnerabilities scored at or below this one): ~98%
CVSS scores for CVE-2013-5641
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST
CWE ids for CVE-2013-5641
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2013-5641
- http://www.securitytracker.com/id/1028956 (Asterisk SIP ACK With SDP Processing Error Lets Remote Users Deny Service, SecurityTracker)
- http://seclists.org/bugtraq/2013/Aug/185 (Bugtraq: AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP) [Patch]
- http://downloads.asterisk.org/pub/security/AST-2013-004.html (AST-2013-004) [Patch]
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:223 (mandriva.com)
- http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html
- http://www.debian.org/security/2013/dsa-2749 (Debian Security Information: DSA-2749-1 asterisk)
- http://www.securityfocus.com/bid/62021 (Multiple Asterisk Products SIP ACK With SDP Denial of Service Vulnerability)
- https://issues.asterisk.org/jira/browse/ASTERISK-21064 ([ASTERISK-21064] Crash when handling ACK on dialog that has no channel, Digium/Asterisk JIRA) [Vendor Advisory]
Products affected by CVE-2013-5641
- cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.23.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:11.2.0:cert1:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:1.8.15:*:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:1.8.15:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*