FreeBSD: 94268DA0-8118-11E4-A180-001999F8D30B
Oct 30, 2014 - 12:00 a.m.

asterisk -- Remote Crash Vulnerability in WebSocket Server

2014-10-30 00:00:00
vuxml.freebsd.org

EPSS: 0.035 Low (percentile 91.5%)

The Asterisk project reports:

When handling a WebSocket frame the res_http_websocket
module dynamically changes the size of the memory used
to allow the provided payload to fit. If a payload length
of zero was received the code would incorrectly attempt
to resize to zero. This operation would succeed and end
up freeing the memory but be treated as a failure. When
the session was subsequently torn down this memory would
get freed yet again causing a crash.

Users of the WebSocket functionality also did not take
into account that provided text frames are not guaranteed
to be NULL terminated. This has been fixed in chan_sip
and chan_pjsip in the applicable versions.
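
The two defects the report describes, as an added C sketch that is not Asterisk's code: the commented pattern shows the zero-length resize followed by a second free at teardown, and the functions show a resize that never calls realloc with size 0 plus an explicit copy-and-terminate for text payloads. The struct and function names (`ws_session`, `ws_resize_payload`, `ws_session_destroy`, `ws_text_to_cstr`) are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical session type for illustration; not Asterisk's own struct. */
struct ws_session {
    char  *payload;      /* reassembly buffer owned by the session */
    size_t payload_len;  /* bytes of valid data in payload */
};

/* Pattern the advisory describes (comment only, not compiled):
 *   tmp = realloc(s->payload, 0);  // glibc: frees the buffer, returns NULL
 *   if (!tmp) return -1;           // read as failure, s->payload left stale
 *   ... teardown: free(s->payload) // second free of the same pointer */

/* Hardened resize: a zero-length frame never reaches realloc, and the
 * session pointer is replaced only after realloc has succeeded. */
int ws_resize_payload(struct ws_session *s, size_t len)
{
    if (len == 0) {                /* empty frame: keep the existing buffer */
        s->payload_len = 0;
        return 0;
    }
    char *tmp = realloc(s->payload, len);
    if (!tmp)
        return -1;                 /* genuine failure: old buffer still valid */
    s->payload = tmp;
    s->payload_len = len;
    return 0;
}

/* Teardown frees once and clears the pointer, so a repeat call is harmless. */
void ws_session_destroy(struct ws_session *s)
{
    free(s->payload);
    s->payload = NULL;
    s->payload_len = 0;
}

/* Text frames carry a length, not a terminator: copy, then terminate. */
char *ws_text_to_cstr(const char *payload, size_t len)
{
    char *out = (len < SIZE_MAX) ? malloc(len + 1) : NULL;
    if (!out)
        return NULL;
    if (len)
        memcpy(out, payload, len);
    out[len] = '\0';
    return out;
}
```

Callers that hand a text frame to string functions should use the terminated copy and free it themselves.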

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | asterisk11 | < 11.14.2 | UNKNOWN |
