CVE-2006-5445

Description

Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.

How to fix CVE-2006-5445

To remediate CVE-2006-5445, upgrade the affected package to a fixed version below.

• Debian/asterisk—upgrade to 1:1.2.13~dfsg-1 or later

Is CVE-2006-5445 being exploited?

Moderate — EPSS is 10.0%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1:1.2.13~dfsg-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-5445