Lucene search

K

MitreCVELIST:CVE-2018-17281

HistorySep 24, 2018 - 10:00 p.m.

CVE-2018-17281

2018-09-2422:00:00

mitre

www.cve.org

7.4 High

AI Score

Confidence

High

0.659 Medium

EPSS

Percentile

97.9%

There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.

References

downloads.asterisk.org/pub/security/AST-2018-009.html

packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html

seclists.org/fulldisclosure/2018/Sep/31

www.securityfocus.com/bid/105389

www.securitytracker.com/id/1041694

issues.asterisk.org/jira/browse/ASTERISK-28013

lists.debian.org/debian-lts-announce/2018/09/msg00034.html

seclists.org/bugtraq/2018/Sep/53

security.gentoo.org/glsa/201811-11

www.debian.org/security/2018/dsa-4320

7.4 High

AI Score

Confidence

High

0.659 Medium

EPSS

Percentile

97.9%

Related for CVELIST:CVE-2018-17281

nessus5 checkpoint_advisories1 osv3 debian2 nvd1 prion1 freebsd1 openvas3 debiancve1 ubuntucve1 cve1 gentoo1