← Back

CVE-2014-2286

nvd nist
Published: Apr 18, 2014Modified: May 6, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.

Affected (232)

Digium
2 products
Asterisk
Certified Asterisk
Fedoraproject
1 product
Fedora
Configuration A
158 vulnerable
Vulnerable SoftwareAffected Versions
Digium
Asterisk
Version 1.8.0
Asterisk
Version 1.8.0 beta1
Asterisk
Version 1.8.0 beta2
Asterisk
Version 1.8.0 beta3
Asterisk
Version 1.8.0 beta4
Asterisk
Version 1.8.0 beta5
Asterisk
Version 1.8.0 rc2
Asterisk
Version 1.8.0 rc3
Asterisk
Version 1.8.0 rc4
Asterisk
Version 1.8.0 rc5
Asterisk
Version 1.8.1.1
Asterisk
Version 1.8.1.2
Asterisk
Version 1.8.10.0
Asterisk
Version 1.8.10.0
Asterisk
Version 1.8.10.0 rc1
Asterisk
Version 1.8.10.0 rc2
Asterisk
Version 1.8.10.0 rc3
Asterisk
Version 1.8.10.0 rc4
Asterisk
Version 1.8.10.1
Asterisk
Version 1.8.11.0
Asterisk
Version 1.8.11.0
Asterisk
Version 1.8.11.0 patch
Asterisk
Version 1.8.11.0 rc2
Asterisk
Version 1.8.11.0 rc3
Asterisk
Version 1.8.11.1
Asterisk
Version 1.8.11.1
Asterisk
Version 1.8.11.1 patch
Asterisk
Version 1.8.12.0
Asterisk
Version 1.8.12.0
Asterisk
Version 1.8.12.0 rc1
Asterisk
Version 1.8.12.0 rc2
Asterisk
Version 1.8.12.0 rc3
Asterisk
Version 1.8.12.1
Asterisk
Version 1.8.12.2
Asterisk
Version 1.8.12
Asterisk
Version 1.8.13.0
Asterisk
Version 1.8.13.0 rc1
Asterisk
Version 1.8.13.0 rc2
Asterisk
Version 1.8.13.1
Asterisk
Version 1.8.14.0
Asterisk
Version 1.8.14.0 patch
Asterisk
Version 1.8.14.0 rc1
Asterisk
Version 1.8.14.0 rc2
Asterisk
Version 1.8.14.1
Asterisk
Version 1.8.14.1
Asterisk
Version 1.8.14.1 patch
Asterisk
Version 1.8.15.0
Asterisk
Version 1.8.15.0
Asterisk
Version 1.8.15.0 rc1
Asterisk
Version 1.8.15.1
Asterisk
Version 1.8.16.0
Asterisk
Version 1.8.16.0
Asterisk
Version 1.8.16.0 rc1
Asterisk
Version 1.8.16.0 rc2
Asterisk
Version 1.8.17.0
Asterisk
Version 1.8.17.0
Asterisk
Version 1.8.17.0 patch
Asterisk
Version 1.8.17.0 rc1
Asterisk
Version 1.8.17.0 rc2
Asterisk
Version 1.8.17.0 rc3
Asterisk
Version 1.8.18.0
Asterisk
Version 1.8.18.0
Asterisk
Version 1.8.18.0 rc1
Asterisk
Version 1.8.18.1
Asterisk
Version 1.8.19.0
Asterisk
Version 1.8.19.0
Asterisk
Version 1.8.19.0 rc1
Asterisk
Version 1.8.19.0 rc3
Asterisk
Version 1.8.19.1
Asterisk
Version 1.8.1
Asterisk
Version 1.8.1 rc1
Asterisk
Version 1.8.2.1
Asterisk
Version 1.8.2.2
Asterisk
Version 1.8.2.3
Asterisk
Version 1.8.2.4
Asterisk
Version 1.8.20.0
Asterisk
Version 1.8.20.0 patch
Asterisk
Version 1.8.20.0 rc1
Asterisk
Version 1.8.20.0 rc2
Asterisk
Version 1.8.20.1
Asterisk
Version 1.8.20.1 patch
Asterisk
Version 1.8.20.2
Asterisk
Version 1.8.20.2 patch
Asterisk
Version 1.8.21.0
Asterisk
Version 1.8.21.0 rc1
Asterisk
Version 1.8.21.0 rc2
Asterisk
Version 1.8.22.0
Asterisk
Version 1.8.22.0 rc1
Asterisk
Version 1.8.22.0 rc2
Asterisk
Version 1.8.23.0
Asterisk
Version 1.8.23.0 patch
Asterisk
Version 1.8.23.0 rc1
Asterisk
Version 1.8.23.0 rc2
Asterisk
Version 1.8.23.1
Asterisk
Version 1.8.24.0
Asterisk
Version 1.8.24.0 rc1
Asterisk
Version 1.8.24.0 rc2
Asterisk
Version 1.8.24.1
Asterisk
Version 1.8.25.0
Asterisk
Version 1.8.25.0 rc1
Asterisk
Version 1.8.25.0 rc2
Asterisk
Version 1.8.26.0
Asterisk
Version 1.8.26.0 rc1
Asterisk
Version 1.8.2
Asterisk
Version 1.8.3.1
Asterisk
Version 1.8.3.2
Asterisk
Version 1.8.3.3
Asterisk
Version 1.8.3
Asterisk
Version 1.8.3 rc1
Asterisk
Version 1.8.3 rc2
Asterisk
Version 1.8.3 rc3
Asterisk
Version 1.8.4.1
Asterisk
Version 1.8.4.2
Asterisk
Version 1.8.4.3
Asterisk
Version 1.8.4.4
Asterisk
Version 1.8.4
Asterisk
Version 1.8.4 rc1
Asterisk
Version 1.8.4 rc2
Asterisk
Version 1.8.4 rc3
Asterisk
Version 1.8.5.0
Asterisk
Version 1.8.5
Asterisk
Version 1.8.5 rc1
Asterisk
Version 1.8.6.0
Asterisk
Version 1.8.6.0 rc1
Asterisk
Version 1.8.6.0 rc2
Asterisk
Version 1.8.6.0 rc3
Asterisk
Version 1.8.7.0
Asterisk
Version 1.8.7.0 rc1
Asterisk
Version 1.8.7.0 rc2
Asterisk
Version 1.8.7.1
Asterisk
Version 1.8.8.0
Asterisk
Version 1.8.8.0
Asterisk
Version 1.8.8.0 patch
Asterisk
Version 1.8.8.0 rc1
Asterisk
Version 1.8.8.0 rc2
Asterisk
Version 1.8.8.0 rc3
Asterisk
Version 1.8.8.0 rc4
Asterisk
Version 1.8.8.0 rc5
Asterisk
Version 1.8.8.1
Asterisk
Version 1.8.8.2
Asterisk
Version 1.8.9.0
Asterisk
Version 1.8.9.0
Asterisk
Version 1.8.9.0 rc1
Asterisk
Version 1.8.9.0 rc2
Asterisk
Version 1.8.9.0 rc3
Asterisk
Version 1.8.9.1
Asterisk
Version 1.8.9.2
Asterisk
Version 1.8.9.3
Asterisk
Version 11.8.0
Asterisk
Version 11.8.0 rc1
Asterisk
Version 11.8.0 rc2
Asterisk
Version 11.8.0 rc3
Asterisk
Version 12.1.0
Asterisk
Version 12.1.0 rc1
Asterisk
Version 12.1.0 rc2
Asterisk
Version 12.1.0 rc3
Fedoraproject
Fedora
Version 19
Fedora
Version 20
Configuration B
74 vulnerable
Vulnerable SoftwareAffected Versions
Digium
Certified Asterisk
Version 1.8.0.0
Certified Asterisk
Version 1.8.0.0 beta1
Certified Asterisk
Version 1.8.0.0 beta2
Certified Asterisk
Version 1.8.0.0 beta3
Certified Asterisk
Version 1.8.0.0 beta4
Certified Asterisk
Version 1.8.0.0 beta5
Certified Asterisk
Version 1.8.0.0 rc1
Certified Asterisk
Version 1.8.0.0 rc2
Certified Asterisk
Version 1.8.0.0 rc3
Certified Asterisk
Version 1.8.0.0 rc4
Certified Asterisk
Version 1.8.0.0 rc5
Certified Asterisk
Version 1.8.1.0
Certified Asterisk
Version 1.8.1.0 rc1
Certified Asterisk
Version 1.8.10.0
Certified Asterisk
Version 1.8.10.0 rc1
Certified Asterisk
Version 1.8.10.0 rc2
Certified Asterisk
Version 1.8.10.0 rc3
Certified Asterisk
Version 1.8.10.0 rc4
Certified Asterisk
Version 1.8.11.0
Certified Asterisk
Version 1.8.11.0 rc1
Certified Asterisk
Version 1.8.11.0 rc2
Certified Asterisk
Version 1.8.11.0 rc3
Certified Asterisk
Version 1.8.12.0
Certified Asterisk
Version 1.8.12.0 rc1
Certified Asterisk
Version 1.8.12.0 rc2
Certified Asterisk
Version 1.8.12.0 rc3
Certified Asterisk
Version 1.8.13.0
Certified Asterisk
Version 1.8.13.0 rc1
Certified Asterisk
Version 1.8.13.0 rc2
Certified Asterisk
Version 1.8.14.0 rc1
Certified Asterisk
Version 1.8.14.0 rc2
Certified Asterisk
Version 1.8.15
Certified Asterisk
Version 1.8.15 cert1
Certified Asterisk
Version 1.8.15 cert1_rc1
Certified Asterisk
Version 1.8.15 cert1_rc2
Certified Asterisk
Version 1.8.15 cert1_rc3
Certified Asterisk
Version 1.8.15 cert2
Certified Asterisk
Version 1.8.15 cert3
Certified Asterisk
Version 1.8.15 cert4
Certified Asterisk
Version 1.8.2.0
Certified Asterisk
Version 1.8.2.0 rc1
Certified Asterisk
Version 1.8.3.0
Certified Asterisk
Version 1.8.3.0 rc1
Certified Asterisk
Version 1.8.3.0 rc2
Certified Asterisk
Version 1.8.3.0 rc3
Certified Asterisk
Version 1.8.4.0
Certified Asterisk
Version 1.8.4.0 rc1
Certified Asterisk
Version 1.8.4.0 rc2
Certified Asterisk
Version 1.8.4.0 rc3
Certified Asterisk
Version 1.8.5.0
Certified Asterisk
Version 1.8.5.0 rc1
Certified Asterisk
Version 1.8.6.0
Certified Asterisk
Version 1.8.6.0 rc1
Certified Asterisk
Version 1.8.6.0 rc2
Certified Asterisk
Version 1.8.6.0 rc3
Certified Asterisk
Version 1.8.7.0
Certified Asterisk
Version 1.8.7.0 rc1
Certified Asterisk
Version 1.8.7.0 rc2
Certified Asterisk
Version 1.8.8.0
Certified Asterisk
Version 1.8.8.0 rc1
Certified Asterisk
Version 1.8.8.0 rc2
Certified Asterisk
Version 1.8.8.0 rc3
Certified Asterisk
Version 1.8.8.0 rc4
Certified Asterisk
Version 1.8.8.0 rc5
Certified Asterisk
Version 1.8.9.0
Certified Asterisk
Version 1.8.9.0 rc1
Certified Asterisk
Version 1.8.9.0 rc2
Certified Asterisk
Version 1.8.9.0 rc3
Certified Asterisk
Version 11.6.0
Certified Asterisk
Version 11.6.0 rc1
Certified Asterisk
Version 11.6.0 rc2
Certified Asterisk
Version 11.6 cert1
Certified Asterisk
Version 11.6 cert1_rc1
Certified Asterisk
Version 11.6 cert1_rc2

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

Source: cve@mitre.org
Patch
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.