CVE-2015-1558

Description

Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs.

How to fix CVE-2015-1558

To remediate CVE-2015-1558, upgrade the affected package to a fixed version below.

• Debian/asterisk—upgrade to 1:13.1.0~dfsg-1.1 or later

Is CVE-2015-1558 being exploited?

Moderate — EPSS is 15.7%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1:13.1.0~dfsg-1.1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-1558