4 matches found
Denial Of Service (DoS)
asterisk is vulnerable to Denial Of Service DoS. The vulnerability exists due to the use after free in respjsippubsub.c, allowing an attacker to crash the application by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on th...
CVE-2022-42705
A use-after-free in respjsippubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk denial of service by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing...
CVE-2022-42705
CVE-2022-42705 affects Sangoma Asterisk: use-after-free in res_pjsip_pubsub.c on Asterisk 16.28, 18.14, 19.6 and certified/18.9-cert2. An authenticated remote attacker can crash Asterisk (DoS) by performing activity on a subscription via a reliable transport while Asterisk is also performing acti...
Asterisk -- multiple vulnerabilities
The Asterisk project reports: AST-2022-007: Remote Crash Vulnerability in H323 channel add on AST-2022-008: Use after free in respjsippubsub.c AST-2022-009: GetConfig AMI Action can read files outside of Asterisk directory...