8 matches found
Asterisk 13.x < 13.23.1 / 14.x < 14.7.8 / 15.x < 15.6.1 / 13.21 < 13.21-cert3 HTTP Websocket Stack Overflow (AST-2018-009)
According to its SIP banner, the version of Asterisk running on the remote host is 13.x prior to 13.23.1, 14.x prior to 14.7.8, 15.x prior to 15.6.1, or 13.21 prior to 13.21-cert3. It is therefore, affected by an error related to the reshttpwebsocket.so module that allows a stack overflow error a...
Asterisk 13.13 < 13.13-cert3 / 13.x < 13.14.1 / 14.x < 14.3.1 CDR user Field RCE (AST-2017-001)
According to its SIP banner, the version of Asterisk running on the remote host is 13.13 prior to 13.13-cert3, 13.x prior to 13.14.1, or 14.x prior to 14.3.1. Is it, therefore, affected by a buffer overflow condition due to a failure to check the size when setting the user field on a CDR. An...
Asterisk REGISTER Request Contact URI Handling DoS (AST-2016-004)
According to its SIP banner, the version of Asterisk running on the remote host is either 13.x prior to 13.8.1 or 13.1-cert prior to 13.1-cert5. It is, therefore, affected by a flaw when processing incoming REGISTER requests if the REGISTER contains an overlong URI in the Contact header. An...
Asterisk chan_pjsip Incompatible Codecs DoS (AST-2015-001)
According to its SIP banner, the version of Asterisk running on the remote host has a flaw in which it fails to reclaim allocated RTP ports whenever a connection is made to an authenticated endpoint whose SPD offers only codecs that are not allowed by Asterisk. An attacker could exploit this...
Asterisk main/http.c DoS (AST-2014-001)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. A stack overflow flaw exists when an HTTP request with a large number of cookie headers isn't properly validated. A remote attacker could...
Asterisk PJSIP Channel Driver Options DoS (AST-2014-003)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. A flaw exists in the PJSIP channel driver when the 'qualityfrequency' configuration is enabled on an AOR when the SIP server's challenges fo...
Asterisk Multiple Vulnerabilities (AST-2013-006 / AST-2013-007)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following vulnerabilities : - A denial of service vulnerability exists in the 'unpacksms16' function of the 'appsms.c' source file. When a 16-bit SMS message with an unusu...
Asterisk SIP SDP Buffer Overflow (AST-2013-001)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a buffer overflow vulnerability related to SIP SDP headers and h264 video handling. This error could allow execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network...