CVE-2018-7284
Asterisk chan_pjsip 15.2.0 - 'SUBSCRIBE' Stack Corruption
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.
Se ha descubierto un problema de desbordamiento de búfer en Asterisk hasta la versión 13.19.1; versiones 14.x anteriores a la 14.7.5 y las versiones 15.x anteriores a la 15.2.1, así como Certified Asterisk hasta la versión 13.18-cert2. Al procesar una petición SUBSCRIBE, el módulo res_pjsip_pubsub almacena los formatos aceptados presentes en las cabeceras Accept de la petición. Este código no limitaba el número de cabeceras que procesaba, a pesar de tener un límite fijado en 32. Si estuviesen presentes más de 32 cabeceras Accept, el código escribiría fuera de la memoria y provocaría un cierre inesperado.
Asterisk running chan_pjsip suffers from a SUBSCRIBE message stack corruption vulnerability. Vulnerable versions include 15.2.0, 13.19.0, 14.7.5, and 13.11.2.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-02-21 CVE Reserved
- 2018-02-22 CVE Published
- 2024-05-28 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/103151 | Third Party Advisory | |
| http://www.securitytracker.com/id/1040416 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/44184 | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| http://downloads.asterisk.org/pub/security/AST-2018-004.html | 2019-03-01 |
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2018/dsa-4320 | 2019-03-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | <= 13.19.1 Search vendor "Digium" for product "Asterisk" and version " <= 13.19.1" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | >= 14.0.0 <= 14.7.5 Search vendor "Digium" for product "Asterisk" and version " >= 14.0.0 <= 14.7.5" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | >= 15.0.0 <= 15.2.1 Search vendor "Digium" for product "Asterisk" and version " >= 15.0.0 <= 15.2.1" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.18 Search vendor "Digium" for product "Certified Asterisk" and version "13.18" | cert1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.18 Search vendor "Digium" for product "Certified Asterisk" and version "13.18" | cert2 |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | <= 13.18 Search vendor "Digium" for product "Certified Asterisk" and version " <= 13.18" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||