Vulnerability in Digium Asterisk

CVE-2015-1558

Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) vi…

EPSS: 0.157 (94.8th percentile) — read the EPSS interpretation.

Affected products

Digium Asterisk — versions 12.0.0, 12.1.0, 12.1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-399

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
1031661 (vdb-entry, x_refsource_SECTRACK)
20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered (mailing-list, x_refsource_FULLDISC)
20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered (mailing-list, x_refsource_BUGTRAQ)