CVE-2014-8415

Name: CVE-2014-8415
Creator: NVD / NIST
Published: 2014-11-24T15:59:07.327+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.04%

Last modified Jun 17, 2026

CVE-2014-8415 is a vulnerability of currently unknown severity. Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing.. EPSS estimates a 3.04% chance of exploitation in the next 30 days.

Description

Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing.

Metrics

EPSS Probability

3.04%

85.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Digium	Asterisk	>= 12.0.0, < 12.7.1
Digium	Asterisk	>= 13.0.0, < 13.0.1

References

http://downloads.asterisk.org/pub/security/AST-2014-015.htmlVendor Advisory
http://downloads.asterisk.org/pub/security/AST-2014-015.htmlVendor Advisory

Timeline

Published: Nov 24, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-8415?

How severe is CVE-2014-8415?

Severity scoring for CVE-2014-8415 is pending analysis. The EPSS model estimates a 3.04% probability of exploitation in the next 30 days.

How do I fix CVE-2014-8415?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-8415?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST