Vulnerability in N/a
CVE-2018-17281
There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk…
EPSS: 0.803 (99.1th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- 1041694 (vdb-entry, x_refsource_SECTRACK)
- 20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade (mailing-list, x_refsource_FULLDISC)
- packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-201… (x_refsource_MISC)
- DSA-4320 (vendor-advisory, x_refsource_DEBIAN)
- 20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade (mailing-list, x_refsource_BUGTRAQ)
- issues.asterisk.org/jira/browse/ASTERISK-28013 (x_refsource_CONFIRM)
- [debian-lts-announce] 20180927 [SECURITY] [DLA 1523-1] asterisk security update (mailing-list, x_refsource_MLIST)
- GLSA-201811-11 (vendor-advisory, x_refsource_GENTOO)
- 105389 (vdb-entry, x_refsource_BID)
- downloads.asterisk.org/pub/security/AST-2018-009.html (x_refsource_CONFIRM)