Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-8414HistoryNov 24, 2014 - 3:59 p.m.
CVE-2014-8414
2014-11-2415:59:06
Debian Security Bug Tracker
security-tracker.debian.org
11
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.007
Percentile
81.0%
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | asterisk | < 1:13.1.0~dfsg-1 | asterisk_1:13.1.0~dfsg-1_all.deb |
| Debian | 999 | all | asterisk | < 1:13.1.0~dfsg-1 | asterisk_1:13.1.0~dfsg-1_all.deb |
Related
nessus
nessus
Asterisk ConfBridge State Transitions DoS (AST-2014-014)
2014-11-25 00:00:00
FreeBSD : asterisk -- Multiple vulnerabilities (7bfd797c-716d-11e4-b008-001999f8d30b)
2014-11-24 00:00:00
GLSA-201412-51 : Asterisk: Multiple vulnerabilities
2014-12-29 00:00:00
ubuntucve
ubuntucve
CVE-2014-8414
2014-11-24 00:00:00
nvd
nvd
CVE-2014-8414
2014-11-24 15:59:06
cve
cve
CVE-2014-8414
2014-11-24 15:59:06
prion
prion
Design/Logic Flaw
2014-11-24 15:59:00
cvelist
cvelist
CVE-2014-8414
2014-11-24 15:00:00
freebsd
freebsd
asterisk -- Multiple vulnerabilities
2014-11-21 00:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2014-12-28 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201412-51
2015-09-29 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.007
Percentile
81.0%
Related for DEBIANCVE:CVE-2014-8414