Page 2 of 31 results (0.011 seconds)

CVSS: 7.5EPSS: 78%CPEs: 7EXPL: 1

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash. Se ha descubierto un problema de desbordamiento de búfer en Asterisk hasta la versión 13.19.1; versiones 14.x anteriores a la 14.7.5 y las versiones 15.x anteriores a la 15.2.1, así como Certified Asterisk hasta la versión 13.18-cert2. • https://www.exploit-db.com/exploits/44184 http://downloads.asterisk.org/pub/security/AST-2018-004.html http://www.securityfocus.com/bid/103151 http://www.securitytracker.com/id/1040416 https://www.debian.org/security/2018/dsa-4320 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 20%CPEs: 5EXPL: 1

An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection. Se ha descubierto un problema en Asterisk hasta la versión 13.19.1, versiones 14.x hasta la 14.7.5 y versiones 15.x hasta la 15.2.1; así como Certified Asterisk hasta la versión 13.18-cert2. res_pjsip permite que usuarios remotos autenticados provoquen el cierre inesperado de Asterisk (fallo de segmentación) mediante el envío de mensajes SIP INVITE en una conexión TCP o TLS para después cerrar la conexión repentinamente. Asterisk running chan_pjsip suffers from an INVITE message denial of service vulnerability. Versions affected include Versions affected include 15.2.0, 15.1.0, 15.0.0, 13.19.0, 13.11.2, and 14.7.5. • https://www.exploit-db.com/exploits/44181 http://downloads.asterisk.org/pub/security/AST-2018-005.html http://www.securityfocus.com/bid/103129 http://www.securitytracker.com/id/1040417 https://issues.asterisk.org/jira/browse/ASTERISK-27618 https://www.debian.org/security/2018/dsa-4320 •

CVSS: 5.9EPSS: 92%CPEs: 16EXPL: 0

A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack. Se ha descubierto un problema de cierre inesperado remoto en Asterisk Open Source en versiones 13.x anteriores a la 13.18.4; versiones 14.x anteriores a la 14.7.4 y las versiones 15.x anteriores a la 15.1.4, así como Certified Asterisk en versiones anteriores a la 13.13-cert9. Ciertos paquetes compuestos RTCP pueden provocar un cierre inesperado en la pila RTCP. • http://downloads.digium.com/pub/security/AST-2017-012.html http://www.securityfocus.com/bid/102201 http://www.securitytracker.com/id/1040009 https://issues.asterisk.org/jira/browse/ASTERISK-27382 https://issues.asterisk.org/jira/browse/ASTERISK-27429 https://www.debian.org/security/2017/dsa-4076 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 69%CPEs: 15EXPL: 1

An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind. Se ha descubierto un problema en chan_skinny.c en Asterisk Open Source en versiones 13.18.2 y anteriores, 14.7.2 y anteriores y 15.1.2 y anteriores y en Certified Asterisk 13.13-cert7 y anteriores. Si el controlador de canal chan_skinny (también conocido como protocolo SCCP) se inunda a base de determinadas peticiones, puede provocar que el proceso de asterisk utilice cantidades excesivas de memoria virtual, finalmente provocando que asterisk deje de procesar cualquier tipo de peticiones. • https://www.exploit-db.com/exploits/43992 http://downloads.digium.com/pub/security/AST-2017-013.html http://www.securityfocus.com/bid/102023 http://www.securitytracker.com/id/1039948 https://issues.asterisk.org/jira/browse/ASTERISK-27452 https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html https://www.debian.org/security/2017/dsa-4076 • CWE-459: Incomplete Cleanup •

CVSS: 7.5EPSS: 0%CPEs: 189EXPL: 0

In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report. En Asterisk enversiones 11.x anteriores a la 11.25.3, versiones 13.x anteriores a la 13.17.2 y versiones 14.x anteriores a la 14.6.2; y en Certified Asterisk en versiones 11.x anteriores a la 11.6-cert18 y versiones 13.x anteriores a la 13.13-cert6, una validación insuficiente de paquetes RTCP podría permitir la lectura de contenidos obsoletos del búfer y, cuando se combina con las opciones "nat" y "symmetric_rtp", permite las redirecciones en las que Asterisk envía el siguiente informe RTCP. • http://downloads.asterisk.org/pub/security/AST-2017-008.html http://www.debian.org/security/2017/dsa-3990 https://issues.asterisk.org/jira/browse/ASTERISK-27274 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •