12 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-42705
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free in respjsippubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asteris...
CVE-2018-7284
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...
FreeBSD : asterisk -- multiple vulnerabilities (933654ce-17b8-11e8-90b8-001999f8d30b)
The Asterisk project reports : AST-2018-004 - When processing a SUBSCRIBE request the respjsippubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Acce...
CVE-2018-7284
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...
CVE-2018-7284
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...
CVE-2018-7284
CVE-2018-7284 affects Asterisk and Certified Asterisk; during SUBSCRIBE, res_pjsip_pubsub does not cap Accept headers (limit 32) and can write outside memory, causing a crash. Affected: 13.x–15.x releases (precise bounds in sources). Exploitation details exist (Exploit-DB), with vendor advisories...
CVE-2018-7284
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...
asterisk -- multiple vulnerabilities
The Asterisk project reports: AST-2018-004 - When processing a SUBSCRIBE request the respjsippubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Accep...
Digium Asterisk res_pjsip_pubsub Module SIP SUBSCRIBE Type Confusion Denial of Service (CVE-2014-6609)
A denial of service vulnerability exists in Asterisk Open Source. The vulnerability is due to the way SIP SUBSCRIBE requests with unexpected mixes of headers for a given event package are handled. Remote, unauthenticated attackers could exploit this vulnerability by sending malformed SIP SUBSCRIB...
CVE-2014-6609
The respjsippubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service crash via crafted headers in a SIP SUBSCRIBE request for an event package...
CVE-2014-6609
The CVE-2014-6609 issue affects Asterisk Open Source 12.x prior to 12.5.1, where the res_pjsip_pubsub module allows remote authenticated users to crash the server by sending crafted SIP SUBSCRIBE requests with mixed headers for a given event package. This results in a denial of service. Root caus...
Asterisk PJSIP Channel Driver DoS (AST-2014-009)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability in the PJSIP channel driver. This is due to a flaw in the 'respjsippubsub' module. The issue is triggered when handling a SIP SUBSCRIBE reque...