7 matches found
EUVD-2017-6104
Malware in sbrugna...
Design/Logic Flaw
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetricrtp" options allow...
UBUNTU-CVE-2017-14603
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetricrtp" options allow...
Digium Asterisk RTP Stack Information Disclosure (CVE-2017-14099)
An information disclosure vulnerability exists in Digium Asterisk. The vulnerability is due to improper handling of incoming RTP/RTCP packets when the chansip and chanpjsip channel drivers are configured to use NAT and Symmetric-RTP respectively...
CVE-2017-14099
In res/resrtpasterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure media takeover in the RTP stack is possible with careful timing by an attacker. The...
Design/Logic Flaw
In res/resrtpasterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure media takeover in the RTP stack is possible with careful timing by an attacker. The...
CVE-2017-14099
In res/resrtpasterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure media takeover in the RTP stack is possible with careful timing by an attacker. The...