29 matches found
Code injection
An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashe...
CVE-2016-9937
An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashe...
CVE-2016-9937
An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashe...
CVE-2016-9937
CVE-2016-9937 affects Asterisk Open Source versions 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. When an SDP offer/answer contains Opus and parameters separated by spaces, the Opus SDP parser recurses and crashes, causing a denial of service. The issue is remote and unauthenticated,...
CVE-2016-9937
An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashe...
FreeBSD : asterisk -- Crash on SDP offer or answer from endpoint using Opus (9e6640fe-be3a-11e6-b04f-001999f8d30b)
The Asterisk project reports : If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the...
Asterisk SDP Offer DoS Vulnerability (AST-2016-008)
Asterisk is prone to a SDP offer denial of service DoS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
asterisk -- Crash on SDP offer or answer from endpoint using Opus
The Asterisk project reports: If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the...
CVE-2013-0899
Integer overflow in the padding implementation in the opuspacketparseimpl function in src/opusdecoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of...