The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.
Advisories
Source ID Title
EUVD EUVD EUVD-2014-3976 The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-06T11:04:28.408Z

Reserved: 2014-06-12T00:00:00

Link: CVE-2014-4045

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2014-06-17T14:55:07.830

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-4045

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.