CVE-2015-1558
Severity CVSS v4.0:
Pending analysis
Type:
CWE-399
Resource Management Errors
Publication date:
09/02/2015
Last modified:
12/04/2025
Description
Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs.
Impact
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:12.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:12.3.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://downloads.asterisk.org/pub/security/AST-2015-001.html
- http://seclists.org/fulldisclosure/2015/Jan/116
- http://www.securityfocus.com/archive/1/534573/100/0/threaded
- http://www.securitytracker.com/id/1031661
- http://downloads.asterisk.org/pub/security/AST-2015-001.html
- http://seclists.org/fulldisclosure/2015/Jan/116
- http://www.securityfocus.com/archive/1/534573/100/0/threaded
- http://www.securitytracker.com/id/1031661