CVSS: 7.5EPSS: 78%CPEs: 7EXPL: 1CVE-2018-7284 – Asterisk chan_pjsip 15.2.0 - 'SUBSCRIBE' Stack Corruption
https://notcve.org/view.php?id=CVE-2018-7284
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash. Se ha descubierto un problema de desbordamiento de búfer en Asterisk hasta la versión 13.19.1; versiones 14.x anteriores a la 14.7.5 y las versiones 15.x anteriores a la 15.2.1, así como Certified Asterisk hasta la versión 13.18-cert2. • https://www.exploit-db.com/exploits/44184 http://downloads.asterisk.org/pub/security/AST-2018-004.html http://www.securityfocus.com/bid/103151 http://www.securitytracker.com/id/1040416 https://www.debian.org/security/2018/dsa-4320 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 20%CPEs: 5EXPL: 1CVE-2018-7286 – Asterisk chan_pjsip 15.2.0 - 'INVITE' Denial of Service
https://notcve.org/view.php?id=CVE-2018-7286
An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection. Se ha descubierto un problema en Asterisk hasta la versión 13.19.1, versiones 14.x hasta la 14.7.5 y versiones 15.x hasta la 15.2.1; así como Certified Asterisk hasta la versión 13.18-cert2. res_pjsip permite que usuarios remotos autenticados provoquen el cierre inesperado de Asterisk (fallo de segmentación) mediante el envío de mensajes SIP INVITE en una conexión TCP o TLS para después cerrar la conexión repentinamente. Asterisk running chan_pjsip suffers from an INVITE message denial of service vulnerability. Versions affected include Versions affected include 15.2.0, 15.1.0, 15.0.0, 13.19.0, 13.11.2, and 14.7.5. • https://www.exploit-db.com/exploits/44181 http://downloads.asterisk.org/pub/security/AST-2018-005.html http://www.securityfocus.com/bid/103129 http://www.securitytracker.com/id/1040417 https://issues.asterisk.org/jira/browse/ASTERISK-27618 https://www.debian.org/security/2018/dsa-4320 •
CVSS: 5.9EPSS: 16%CPEs: 14EXPL: 0CVE-2018-7287
https://notcve.org/view.php?id=CVE-2018-7287
An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop). Se ha descubierto un problema en res_http_websocket.c en Asterisk hasta la versión 15.2.1. Si el servidor HTTP está habilitado (está deshabilitado por defecto), las cargas útiles de WebSocket de tamaño 0 se gestionan de forma incorrecta (con un bucle ocupado). • http://downloads.digium.com/pub/security/AST-2018-006.html http://www.securityfocus.com/bid/103120 http://www.securitytracker.com/id/1040419 https://issues.asterisk.org/jira/browse/ASTERISK-27658 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2018-7285
https://notcve.org/view.php?id=CVE-2018-7285
A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. • http://downloads.asterisk.org/pub/security/AST-2018-001.html http://www.securityfocus.com/bid/103149 http://www.securitytracker.com/id/1040415 • CWE-476: NULL Pointer Dereference •
CVSS: 6.0EPSS: 0%CPEs: 144EXPL: 0CVE-2012-4737
https://notcve.org/view.php?id=CVE-2012-4737
channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. channels/chan_iax2.c en Asterisk Open Source v1.8.x antes de v1.8.15.1 y v10.x antes de v10.7.1, Certified Asterisk v1.8.11-1.8.11 antes de cert7, Digiumphones Asterisk v10.xx-digiumphones antes de v10.7.1-digiumphones y Asterisk Business Edition C.3.x antes de C.3.7.6 no hace cumplir las reglas de ACL durante ciertos usos del par de credenciales, lo que permite a usuarios remotos autenticados eludir las restricciones de llamadas de salida aprovechándose de la disponibilidad de estas credenciales. • http://downloads.asterisk.org/pub/security/AST-2012-013.html http://secunia.com/advisories/50687 http://secunia.com/advisories/50756 http://www.debian.org/security/2012/dsa-2550 http://www.securityfocus.com/bid/55335 http://www.securitytracker.com/id?1027461 • CWE-264: Permissions, Privileges, and Access Controls •