In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the “nat” and “symmetric_rtp” options allow redirecting where Asterisk sends the next RTCP report.
CPE | Name | Operator | Version |
---|---|---|---|
asterisk | eq | 13.1.0 | |
asterisk | eq | 13.1.0 rc2 | |
asterisk | eq | 13.2.1 | |
asterisk | eq | 13.8.0 rc1 | |
asterisk | eq | 13.15.0 rc2 | |
asterisk | eq | 13.7.0 rc1 | |
asterisk | eq | 13.7.0 rc2 | |
asterisk | eq | 13.7.1 | |
asterisk | eq | 13.1.0 rc1 | |
asterisk | eq | 13.12 |