Asterisk SIP Channel Driver Uninitialized Variable Request Parsing DoS (AST-2011-012)

Medium Nessus Plugin ID 56922


A telephony application running on the remote host is affected by a denial of service vulnerability.


According to the version in its SIP banner, the version of Asterisk running on the remote host can be crashed remotely by an authenticated user when parsing an invalid SIP URI.


Update to Asterisk / 10.0.0-rc1 or later.

See Also

Plugin Details

Severity: Medium

ID: 56922

File Name: asterisk_ast_2011_012.nasl

Version: $Revision: 1.13 $

Type: remote

Published: 2011/11/22

Modified: 2016/11/11

Dependencies: 63202

Risk Information

Risk Factor: Medium


Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:digium:asterisk

Required KB Items: asterisk/sip_detected, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2011/10/17

Vulnerability Publication Date: 2011/10/04

Reference Information

CVE: CVE-2011-4063

BID: 50177

OSVDB: 76784