Launchpad.net

CVE 2013-5642

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.

Related bugs and status

CVE-2013-5642 (Candidate) is related to these bugs:

Bug #1180308: Update to 11.3

Summary				In	Importance	Status
	1180308	Update to 11.3		asterisk (Ubuntu)	Wishlist	Fix Released
	1180308	Update to 11.3		asterisk (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

BUGTRAQ: 20130827 AST-2013-005:...
CONFIRM: http://downloads.aster...
CONFIRM: https://issues.asteris...
MANDRIVA: MDVSA-2013:223
BID: 62022
OSVDB: 96690
SECTRACK: 1028957
SECUNIA: 54534
DEBIAN: DSA-2749
SECUNIA: 54617