PT-2016-1433 · Digium · Asterisk
Torrey Searle
+1
·
Publicado
2016-02-22
·
Atualizado
2017-11-04
·
CVE-2016-2232
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Asterisk Open Source versions 1.8.x through 11.21.1, 12.x, and 13.x through 13.7.1
Certified Asterisk versions 1.8.28, 11.6 through 11.6-cert12, and 13.1 through 13.1-cert3
Description
The issue is related to errors in pointer handling, which can be exploited by remote authenticated users to cause a denial of service. This is achieved through a zero-length error correcting redundancy packet for a lost UDPTL FAX packet, resulting in an uninitialized pointer dereference and crash.
Recommendations
For Asterisk Open Source versions 1.8.x through 11.21.1, update to version 11.21.1 or later.
For Asterisk Open Source versions 12.x, update to version 13.7.1 or later.
For Asterisk Open Source versions 13.x through 13.7.1, update to version 13.7.1 or later.
For Certified Asterisk versions 1.8.28, update to version 11.6-cert12 or later.
For Certified Asterisk versions 11.6 through 11.6-cert12, update to version 11.6-cert12 or later.
For Certified Asterisk versions 13.1 through 13.1-cert3, update to version 13.1-cert3 or later.
Correção
NULL Pointer Dereference
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Asterisk