Vulnerability in Digium Asterisk

CVE-2014-6610

Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call…

EPSS: 0.015 (81.6th percentile) — read the EPSS interpretation.

Affected products

Digium Asterisk — versions 11.0.0, 11.1.0, 11.2.0
Digium Certified_asterisk — versions 11.6, 11.6.0
N/a — versions n/a

Weakness classification (CWE)

CWE-19

References

cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)