CVE-2014-9374

2014-12-1215:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2014-9374

websocket server

asterisk open source

vulnerability

denial of service

nvd

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.035 Low

EPSS

Percentile

91.5%

JSON

Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.

CPENameOperatorVersion
digium:certified_asteriskdigium certified asteriskeq11.6
digium:certified_asteriskdigium certified asteriskeq11.6.0
digium:asteriskdigium asteriskeq12.0.0
digium:asteriskdigium asteriskeq11.14.0
digium:asteriskdigium asteriskeq11.3.0
digium:asteriskdigium asteriskeq11.2.0
digium:asteriskdigium asteriskeq11.0.0
digium:asteriskdigium asteriskeq11.4.0
digium:asteriskdigium asteriskeq12.3.0
digium:asteriskdigium asteriskeq11.5.0

CPE	Name	Operator	Version
digium:certified_asterisk	digium certified asterisk	eq	11.6
digium:certified_asterisk	digium certified asterisk	eq	11.6.0
digium:asterisk	digium asterisk	eq	12.0.0
digium:asterisk	digium asterisk	eq	11.14.0
digium:asterisk	digium asterisk	eq	11.3.0
digium:asterisk	digium asterisk	eq	11.2.0
digium:asterisk	digium asterisk	eq	11.0.0
digium:asterisk	digium asterisk	eq	11.4.0
digium:asterisk	digium asterisk	eq	12.3.0
digium:asterisk	digium asterisk	eq	11.5.0