Improper input validation in Digium Asterisk
CVE-2014-6609
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.010 (77.2th percentile)
Affected products
- Digium Asterisk — versions 12.0.0, 12.1.0, 12.2.0
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)