79 matches found
FreeBSD : asterisk -- Remote crash vulnerability DNS SRV and NAPTR lookups (c6fb2734-e835-11e8-b14b-001999f8d30b)
The Asterisk project reports : There is a buffer overflow vulnerability in dnssrv and dnsnaptr functions of Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS SRV or NAPTR response. The attackers request causes Asterisk to segfault and crash. C Tenable Network Security...
Asterisk DoS Vulnerability (AST-2018-010)
Asterisk is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk"; if...
CVE-2018-19278
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...
Buffer overflow
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...
CVE-2018-19278
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...
CVE-2018-19278
CVE-2018-19278 affects Digium Asterisk 15.x (before 15.6.2) and 16.x (before 16.0.1). The issue is a buffer overflow in DNS SRV and NAPTR lookups, caused by a mismatch between the buffer size and the compressed vs expanded length, which can be triggered by specially crafted DNS responses and may ...
CVE-2018-19278
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...
CVE-2018-19278
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...
CVE-2018-19278
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed...
asterisk -- Remote crash vulnerability DNS SRV and NAPTR lookups
The Asterisk project reports: There is a buffer overflow vulnerability in dnssrv and dnsnaptr functions of Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS SRV or NAPTR response. The attackers request causes Asterisk to segfault and crash...
The vulnerability of the ares_parse_naptr_reply function in the asynchronous DNS request library c-ares allows a attacker to perform reading beyond the buffer limit in memory.
The vulnerability of the aresparsenaptrreply function in the asynchronous DNS request library c-ares is related to incorrect data processing during the analysis of NAPTR responses. Exploiting this vulnerability can allow a malicious actor, operating remotely, to trigger buffer overflow attacks by...
c-ares: NAPTR parser out of bounds access
The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way...
Ubuntu: Security Advisory (USN-3395-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS / 16.04 LTS : c-ares vulnerability (USN-3395-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3395-1 advisory. It was discovered that c-ares incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using...
USN-3395-1 c-ares vulnerability
It was discovered that c-ares incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using c-ares to crash, resulting in a denial of service...
USN-3395-1: c-ares vulnerability
It was discovered that c-ares incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using c-ares to crash, resulting in a denial of service...
Amazon Linux AMI : c-ares (ALAS-2017-859)
The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. CVE-2017-1000381 C Tenable Network Security, Inc. The descriptive text and...
MGASA-2017-0215 Updated c-ares packages fix security vulnerability
The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way CVE-2017-1000381...
Medium: c-ares
Issue Overview: The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. CVE-2017-1000381 Affected Packages: c-ares Issue Correction...
openSUSE Security Update : libcares2 (openSUSE-2017-810)
This update for libcares2 fixes the following issues : - CVE-2017-1000381: A NAPTR parser out of bounds access was fixed that could lead to crashes. bsc1044946 This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...