Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Asterisk 拒绝服务漏洞
Vulnerability Description
Digium Asterisk是美国Digium公司的一套开源的电话交换机(PBX)系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。 多款Asterisk产品中存在漏洞,该漏洞源于未正确处理SIP reINVITE请求的临时响应。远程认证用户可利用该漏洞通过缺少最终响应的会话导致拒绝服务(RTP端口用尽)。以下产品中存在该漏洞:Asterisk Open Source 1.8.13.1之前的1.8.x版本和10.5.2之前的10.x版本、Asterisk Business Edit
CVSS Information
N/A
Vulnerability Type
N/A