PT-2018-14899 · Digium+1 · Asterisk+1

Jan Hoffmann

Publicado

2018-11-14

Atualizado

2019-06-29

CVE-2018-19278

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Digium Asterisk versions 15.x through 15.6.1 Digium Asterisk versions 16.x through 16.0.0

Description A buffer overflow issue exists in the DNS SRV and NAPTR lookups. This allows remote attackers to crash the system via a specially crafted DNS SRV or NAPTR response. The issue arises because a buffer size is supposed to match an expanded length but actually matches a compressed length.

Recommendations For Digium Asterisk versions 15.x through 15.6.1, update to version 15.6.2 or later. For Digium Asterisk versions 16.x through 16.0.0, update to version 16.0.1 or later.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2019-2182

CVE-2018-19278

Produtos afetados

Alt Linux

Asterisk

PT-2018-14899 · Digium+1 · Asterisk+1

CVE-2018-19278

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12