PT-2018-11059 · Sangoma · Asterisk Open Source

Sean Bright

Publicado

2018-06-12

Atualizado

2024-08-15

CVE-2018-12228

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 15.x before 15.4.1

Description An issue was discovered in Asterisk Open Source. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.

Recommendations For Asterisk Open Source versions 15.x before 15.4.1, update to version 15.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the TCP/TLS connection to minimize the risk of exploitation.

Exploit

Correção

Infinite Loop

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-835

Identificadores relacionados

CVE-2018-12228

Produtos afetados

Asterisk Open Source

PT-2018-11059 · Sangoma · Asterisk Open Source

CVE-2018-12228

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7