120 matches found
CVE-2019-7251
An Integer Signedness issue for a return code in the respjsipsdprtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation...
CVE-2019-7251
An Integer Signedness issue for a return code in the respjsipsdprtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation...
CVE-2019-7251
An Integer Signedness issue for a return code in the respjsipsdprtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation...
CVE-2019-7251
CVE-2019-7251 affects the Digium Asterisk project, specifically the res_pjsip_sdp_rtp module. The vulnerability is described as an Integer Signedness issue for a return code in Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier, which could allow remote authenticated users to crash Aster...
Digium Asterisk Denial of Service (CVE-2018-7286)
A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to improper handling of prematurely closed TCP connections after a SIP INVITE request. Successful exploitation could result in denial of service conditions on the target service...
Digium Asterisk Denial of Service (CVE-2018-7285)
A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to improper handling of RTP packets. Successful exploitation of this vulnerability may result in a denial of service condition on the target service...
Digium Asterisk WebSocket Denial of Service (CVE-2018-7287)
A denial-of-service vulnerability exists in Digium Asterisk. The vulnerability is due to improper handling of WebSocket payloads. Successful exploitation would result in a crash of the server process leading to denial of service...
Asterisk DoS Vulnerability (AST-2018-010)
Asterisk is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk"; if...
Buffer overflow
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...
CVE-2018-19278
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...
CVE-2018-19278
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...
CVE-2018-19278
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...
CVE-2018-19278
CVE-2018-19278 affects Digium Asterisk 15.x (before 15.6.2) and 16.x (before 16.0.1). The issue is a buffer overflow in DNS SRV and NAPTR lookups, caused by a mismatch between the buffer size and the compressed vs expanded length, which can be triggered by specially crafted DNS responses and may ...
CVE-2018-19278
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...
CVE-2018-19278
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...
Digium Asterisk Open Source and Certified Asterisk Information Disclosure Vulnerabilities
Digium Asterisk Open Source and Certified Asterisk are both open source telephone exchange PBX system software from Digium, Inc. in the United States. The software supports voicemail, multi-party voice conferencing, and interactive voice response IVR. A security vulnerability exists in Digium...
Asterisk Information Disclosure Vulnerability (AST-2018-008)
Asterisk is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk"; i...
Digium Asterisk Open Source and Certified Asterisk Authentication Vulnerabilities
Digium Asterisk Open Source and Certified Asterisk are both open source telephone exchange PBX system software from Digium, Inc. in the United States. The software supports voicemail, multi-party voice conferencing, and interactive voice response IVR. An authentication vulnerability exists in...
Digium Asterisk Open Source and Certified Asterisk Buffer Overflow Vulnerabilities
Digium Asterisk Open Source and Certified Asterisk are both open source telephone exchange PBX system software from Digium, Inc. in the United States. The software supports voicemail, multi-party voice conferencing, and interactive voice response IVR. A buffer overflow vulnerability exists in...
Digium Asterisk chan_skinny SCCP session Denial of Service (CVE-2017-17090)
A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to a processing flaw in the chanskinny SCCP packet processing module. A remote unauthenticated attacker can exploit this vulnerability by sending a flood of certain requests to asterisk and exhaust available...