Denial of Service Vulnerability in Asterisk SIP Channel Driver
CVE-2011-4063

Currently unrated

Key Information:

Vendor: Asterisk
Status: Open Source
Vendor: CVE Published:; 21 October 2011

What is CVE-2011-4063?

The SIP channel driver in Asterisk Open Source versions prior to 1.8.7.1 and 10.0.0-rc1 has a flaw that causes improper variable initialization during request parsing. This vulnerability allows remote authenticated users to exploit the system by sending crafted requests, potentially leading to a denial of service through a daemon crash. It is crucial for users of Asterisk to apply the necessary updates to mitigate this risk and ensure system stability.

References

http://www.securitytracker.com/id?1026191

vdb-entryx_refsource_SECTRACK

http://securityreason.com/securityalert/8478

third-party-advisoryx_refsource_SREASON

http://secunia.com/advisories/46420

third-party-advisoryx_refsource_SECUNIA

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 21, 2011
Vulnerability Reserved
Oct 15, 2011