CVE-2011-4063

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
21/10/2011
Last modified:
11/04/2025

Description

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:asterisk:open_source:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*