The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
| Link | Tags |
|---|---|
| http://secunia.com/advisories/54534 | third party advisory vendor advisory |
| http://osvdb.org/96690 | vdb entry |
| http://downloads.asterisk.org/pub/security/AST-2013-005.html | patch vendor advisory |
| http://secunia.com/advisories/54617 | third party advisory |
| http://www.debian.org/security/2013/dsa-2749 | vendor advisory |
| https://issues.asterisk.org/jira/browse/ASTERISK-22007 | |
| http://www.securitytracker.com/id/1028957 | vdb entry |
| http://www.securityfocus.com/bid/62022 | vdb entry |
| http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html | mailing list |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:223 | vendor advisory |