Denial of Service Vulnerability in Asterisk Open Source 12.x before 12.1.0

Denial of Service Vulnerability in Asterisk Open Source 12.x before 12.1.0

CVE-2014-2289 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:N/A:P

res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.

Learn more about our Open Source Audit.