vulnerability
FreeBSD: VID-7fda7920-7603-11e6-b362-001999f8d30b: asterisk -- Crash on ACK from unknown endpoint
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Sep 8, 2016 | Dec 10, 2025 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Sep 8, 2016
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
The Asterisk project reports: Asterisk can be crashed remotely by sending an ACK to it from an endpoint username that Asterisk does not recognize. Most SIP request types result in an "artificial" endpoint being looked up, but ACKs bypass this lookup. The resulting NULL pointer results in a crash when attempting to determine if ACLs should be applied. This issue was introduced in the Asterisk 13.10 release and only affects that release. This issue only affects users using the PJSIP stack with Asterisk. Those users that use chan_sip are unaffected.
Solution
freebsd-upgrade-package-asterisk13
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.