CVE-2014-2287

low

Published 2014-04-18 · Modified 2026-05-06

CVSS v3

—

CVSS v2

3.5

VIR risk

3.5

Description

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://downloads.asterisk.org/pub/security/AST-2014-002.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-2287

OS impact

OS	Version	Status	Fixed in
debian	bullseye	fixed	`1:11.8.1~dfsg-1`
debian	sid	fixed	`1:11.8.1~dfsg-1`
fedora	19	affected
fedora	20	affected

Application impact

Vendor	Product	Versions
digium	certified_asterisk	`1.8.0.0`
digium	certified_asterisk	`1.8.1.0`
digium	certified_asterisk	`1.8.2.0`
digium	certified_asterisk	`1.8.3.0`
digium	certified_asterisk	`1.8.4.0`
digium	certified_asterisk	`1.8.5.0`
digium	certified_asterisk	`1.8.6.0`
digium	certified_asterisk	`1.8.7.0`
digium	certified_asterisk	`1.8.8.0`
digium	certified_asterisk	`1.8.9.0`
digium	certified_asterisk	`1.8.10.0`
digium	certified_asterisk	`1.8.11.0`
digium	certified_asterisk	`1.8.12.0`
digium	certified_asterisk	`1.8.13.0`
digium	certified_asterisk	`1.8.14.0`
digium	certified_asterisk	`1.8.15`
digium	certified_asterisk	`11.6`
digium	certified_asterisk	`11.6.0`
digium	asterisk	`1.8.0`
digium	asterisk	`1.8.1`
digium	asterisk	`1.8.1.1`
digium	asterisk	`1.8.1.2`
digium	asterisk	`1.8.2`
digium	asterisk	`1.8.2.1`
digium	asterisk	`1.8.2.2`
digium	asterisk	`1.8.2.3`
digium	asterisk	`1.8.2.4`
digium	asterisk	`1.8.3`
digium	asterisk	`1.8.3.1`
digium	asterisk	`1.8.3.2`
digium	asterisk	`1.8.3.3`
digium	asterisk	`1.8.4`
digium	asterisk	`1.8.4.1`
digium	asterisk	`1.8.4.2`
digium	asterisk	`1.8.4.3`
digium	asterisk	`1.8.4.4`
digium	asterisk	`1.8.5`
digium	asterisk	`1.8.5.0`
digium	asterisk	`1.8.6.0`
digium	asterisk	`1.8.7.0`
digium	asterisk	`1.8.7.1`
digium	asterisk	`1.8.8.0`
digium	asterisk	`1.8.8.1`
digium	asterisk	`1.8.8.2`
digium	asterisk	`1.8.9.0`
digium	asterisk	`1.8.9.1`
digium	asterisk	`1.8.9.2`
digium	asterisk	`1.8.9.3`
digium	asterisk	`1.8.10.0`
digium	asterisk	`1.8.10.1`
digium	asterisk	`1.8.11.0`
digium	asterisk	`1.8.11.1`
digium	asterisk	`1.8.12`
digium	asterisk	`1.8.12.0`
digium	asterisk	`1.8.12.1`
digium	asterisk	`1.8.12.2`
digium	asterisk	`1.8.13.0`
digium	asterisk	`1.8.13.1`
digium	asterisk	`1.8.14.0`
digium	asterisk	`1.8.14.1`
digium	asterisk	`1.8.15.0`
digium	asterisk	`1.8.15.1`
digium	asterisk	`1.8.16.0`
digium	asterisk	`1.8.17.0`
digium	asterisk	`1.8.18.0`
digium	asterisk	`1.8.18.1`
digium	asterisk	`1.8.19.0`
digium	asterisk	`1.8.19.1`
digium	asterisk	`1.8.20.0`
digium	asterisk	`1.8.20.1`
digium	asterisk	`1.8.20.2`
digium	asterisk	`1.8.21.0`
digium	asterisk	`1.8.22.0`
digium	asterisk	`1.8.23.0`
digium	asterisk	`1.8.23.1`
digium	asterisk	`1.8.24.0`
digium	asterisk	`1.8.24.1`
digium	asterisk	`1.8.25.0`
digium	asterisk	`1.8.26.0`
digium	asterisk	`11.8.0`
digium	asterisk	`12.1.0`

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.