CVE-2014-8415
EPSS 1.1%
Description
Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing.
How to fix CVE-2014-8415
To remediate CVE-2014-8415, upgrade the affected package to one of the fixed versions listed below.
- Debian/asterisk: upgrade to 1:13.1.0~dfsg-1 or later
Is CVE-2014-8415 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- versions from 0 up to, but not including, 1:13.1.0~dfsg-1