Vulnerability in Digium Asterisk
CVE-2014-9374
Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to…
EPSS: 0.458 (97.7th percentile)
Affected products
- Digium Asterisk — versions 11.0.0, 11.1.0, 11.2.0
- Digium Certified Asterisk — versions 11.6, 11.6.0
References
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- MDVSA-2015:018 (vendor-advisory, x_refsource_MANDRIVA)
- 20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (x_refsource_MISC)
- 71607 (vdb-entry, x_refsource_BID)
- 20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server (mailing-list, x_refsource_FULLDISC)
- 60251 (x_refsource_SECUNIA, third-party-advisory)
- 1031345 (vdb-entry, x_refsource_SECTRACK)