CVE-2018-12228

Published: Jun 12, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.

Affected (1)

Products: Sangoma: Asterisk

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sangoma Asterisk	From 15.0 to 15.4.1

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (6)

http://downloads.asterisk.org/pub/security/AST-2018-007.html

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/104457

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://issues.asterisk.org/jira/browse/ASTERISK-27807

Source: cve@mitre.org

ExploitVendor Advisory

http://downloads.asterisk.org/pub/security/AST-2018-007.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/104457

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://issues.asterisk.org/jira/browse/ASTERISK-27807

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.