{"id":"MGASA-2013-0266","summary":"Updated asterisk package fixes security vulnerabilities","details":"A remotely exploitable crash vulnerability exists in the SIP channel\ndriver if an ACK with SDP is received after the channel has been\nterminated. The handling code incorrectly assumes that the channel\nwill always be present (CVE-2013-5641).\n\nA remotely exploitable crash vulnerability exists in the SIP channel\ndriver if an invalid SDP is sent in a SIP request that defines media\ndescriptions   before connection information. The handling code\nincorrectly attempts to reference the socket address information even\nthough that information has not yet been set (CVE-2013-5642).\n","modified":"2026-01-31T03:51:28.243814Z","published":"2013-08-30T17:36:06Z","related":["CVE-2013-5641","CVE-2013-5642"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0266.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=11094"},{"type":"REPORT","url":"http://downloads.asterisk.org/pub/security/AST-2013-004.html"},{"type":"REPORT","url":"http://downloads.asterisk.org/pub/security/AST-2013-005.html"}],"affected":[{"package":{"name":"asterisk","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/asterisk?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.5.1-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0266.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}