CVE-2014-9374

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 11.x through 11.14.1 Asterisk Open Source versions 12.x through 12.7.1 Asterisk Open Source versions 13.x through 13.0.1 Certified Asterisk versions 11.6 through 11.6-cert8

Description A double free vulnerability exists in the WebSocket Server (res http websocket module) that allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.

Recommendations For Asterisk Open Source versions 11.x through 11.14.1, update to version 11.14.2 or later. For Asterisk Open Source versions 12.x through 12.7.1, update to version 12.7.2 or later. For Asterisk Open Source versions 13.x through 13.0.1, update to version 13.0.2 or later. For Certified Asterisk versions 11.6 through 11.6-cert8, update to version 11.6-cert9 or later.