CVE-2018-7284

Published: Feb 22, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.

Affected (7)

Products: Digium: Asterisk, Certified Asterisk · Debian: Debian Linux

2 products

Certified Asterisk

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Digium Asterisk	Up to 13.19.1
Digium Asterisk	From 14.0.0 to 14.7.5
Digium Asterisk	From 15.0.0 to 15.2.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Digium Certified Asterisk	Version 13.18 cert1
Digium Certified Asterisk	Version 13.18 cert2

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Digium Certified Asterisk	Up to 13.18

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (10)

http://downloads.asterisk.org/pub/security/AST-2018-004.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/103151

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040416

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.debian.org/security/2018/dsa-4320

Source: cve@mitre.org

Third Party Advisory

https://www.exploit-db.com/exploits/44184/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://downloads.asterisk.org/pub/security/AST-2018-004.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/103151

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040416

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.debian.org/security/2018/dsa-4320

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.exploit-db.com/exploits/44184/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.