Lucene search
+L

79 matches found

Tenable Nessus
Tenable Nessus
added 2018/11/15 12:0 a.m.45 views

FreeBSD : asterisk -- Remote crash vulnerability DNS SRV and NAPTR lookups (c6fb2734-e835-11e8-b14b-001999f8d30b)

The Asterisk project reports : There is a buffer overflow vulnerability in dnssrv and dnsnaptr functions of Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS SRV or NAPTR response. The attackers request causes Asterisk to segfault and crash. C Tenable Network Security...

5.9AI score
Exploits0References2
OpenVAS
OpenVAS
added 2018/11/15 12:0 a.m.51 views

Asterisk DoS Vulnerability (AST-2018-010)

Asterisk is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk"; if...

7.5CVSS7.5AI score0.03579EPSS
Exploits1References1
NVD
NVD
added 2018/11/14 8:29 p.m.16 views

CVE-2018-19278

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...

7.5CVSS7.7AI score0.03579EPSS
Exploits1References2
Prion
Prion
added 2018/11/14 8:29 p.m.18 views

Buffer overflow

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...

5CVSS7.7AI score0.03579EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2018/11/14 8:29 p.m.16 views

CVE-2018-19278

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...

7.5CVSS7.4AI score
Exploits0References2
CVE
CVE
added 2018/11/14 8:0 p.m.85 views

CVE-2018-19278

CVE-2018-19278 affects Digium Asterisk 15.x (before 15.6.2) and 16.x (before 16.0.1). The issue is a buffer overflow in DNS SRV and NAPTR lookups, caused by a mismatch between the buffer size and the compressed vs expanded length, which can be triggered by specially crafted DNS responses and may ...

7.5CVSS7.7AI score0.03579EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/11/14 8:0 p.m.23 views

CVE-2018-19278

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...

7.7AI score0.03579EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2018/11/14 8:0 p.m.44 views

CVE-2018-19278

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...

7.5CVSS7.8AI score0.03579EPSS
Exploits1
Debian CVE
Debian CVE
added 2018/11/14 8:0 p.m.34 views

CVE-2018-19278

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...

7.5CVSS7.8AI score0.03579EPSS
Exploits1
FreeBSD
FreeBSD
added 2018/10/23 12:0 a.m.346 views

asterisk -- Remote crash vulnerability DNS SRV and NAPTR lookups

The Asterisk project reports: There is a buffer overflow vulnerability in dnssrv and dnsnaptr functions of Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS SRV or NAPTR response. The attackers request causes Asterisk to segfault and crash...

5.6AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2018/01/24 12:0 a.m.6 views

The vulnerability of the ares_parse_naptr_reply function in the asynchronous DNS request library c-ares allows a attacker to perform reading beyond the buffer limit in memory.

The vulnerability of the aresparsenaptrreply function in the asynchronous DNS request library c-ares is related to incorrect data processing during the analysis of NAPTR responses. Exploiting this vulnerability can allow a malicious actor, operating remotely, to trigger buffer overflow attacks by...

7.5CVSS7.8AI score0.0331EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2017/10/18 7:51 a.m.8 views

c-ares: NAPTR parser out of bounds access

The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way...

7.5CVSS7.4AI score0.0331EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2017/08/18 12:0 a.m.28 views

Ubuntu: Security Advisory (USN-3395-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.0331EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/08/18 12:0 a.m.37 views

Ubuntu 14.04 LTS / 16.04 LTS : c-ares vulnerability (USN-3395-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3395-1 advisory. It was discovered that c-ares incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using...

7.5CVSS7.5AI score0.0331EPSS
Exploits0References2
OSV
OSV
added 2017/08/17 5:9 p.m.5 views

USN-3395-1 c-ares vulnerability

It was discovered that c-ares incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using c-ares to crash, resulting in a denial of service...

7.5CVSS7AI score0.0331EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2017/08/17 5:9 p.m.61 views

USN-3395-1: c-ares vulnerability

It was discovered that c-ares incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using c-ares to crash, resulting in a denial of service...

7.5CVSS7.5AI score0.0331EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/07/25 12:0 a.m.25 views

Amazon Linux AMI : c-ares (ALAS-2017-859)

The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. CVE-2017-1000381 C Tenable Network Security, Inc. The descriptive text and...

7.5CVSS7.7AI score0.0331EPSS
Exploits0References2
OSV
OSV
added 2017/07/23 7:58 p.m.11 views

MGASA-2017-0215 Updated c-ares packages fix security vulnerability

The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way CVE-2017-1000381...

7.5CVSS7.5AI score0.0331EPSS
Exploits0References3
Amazon
Amazon
added 2017/07/20 12:0 a.m.31 views

Medium: c-ares

Issue Overview: The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. CVE-2017-1000381 Affected Packages: c-ares Issue Correction...

7.5CVSS9.1AI score0.0331EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/07/14 12:0 a.m.29 views

openSUSE Security Update : libcares2 (openSUSE-2017-810)

This update for libcares2 fixes the following issues : - CVE-2017-1000381: A NAPTR parser out of bounds access was fixed that could lead to crashes. bsc1044946 This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

7.5CVSS7.6AI score0.0331EPSS
Exploits0References2
Rows per page
Query Builder