PT-2018-17999 · Sangoma · Asterisk
Sébastien Duthil · Published 2018-02-22 · Updated 2018-03-21
CVE-2018-7285
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Asterisk versions 15.x through 15.2.1
Description
A NULL pointer access issue was discovered in the RTP support of Asterisk. The issue arises when an RTP packet is received and the internal registry of dynamic codecs and desired payload numbers is consulted. If the payload number corresponds to a codec of a different type than the RTP stream, a crash can occur if no stream of that type has been negotiated. This is due to the code incorrectly assuming that a stream of that type would always exist.
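An added C sketch of the failure pattern described above (not Asterisk source code and not the upstream fix; all type and function names are hypothetical): a payload number resolves to a codec type whose stream was never negotiated, shown first unchecked and then with the missing NULL check. It assumes the standard RTP dynamic payload range of 96 to 127.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the described pattern; names are not Asterisk's. */
enum media_type { MEDIA_AUDIO, MEDIA_VIDEO, MEDIA_TYPE_COUNT };
enum rx_result { RX_OK, RX_DROP_UNKNOWN_PT, RX_DROP_NO_STREAM };

struct stream { unsigned long rx_frames; };

struct session {
    struct stream *streams[MEDIA_TYPE_COUNT]; /* NULL = type never negotiated */
    int dynamic_pt[32];                       /* PT 96..127 -> media type, -1 = unset */
};

/* Constructed sample: audio-only call whose registry still maps PT 97 to video. */
void init_audio_only(struct session *s, struct stream *audio) {
    for (int i = 0; i < 32; i++) s->dynamic_pt[i] = -1;
    s->dynamic_pt[96 - 96] = MEDIA_AUDIO;
    s->dynamic_pt[97 - 96] = MEDIA_VIDEO;
    audio->rx_frames = 0;
    s->streams[MEDIA_AUDIO] = audio;
    s->streams[MEDIA_VIDEO] = NULL;
}

/* Unsafe shape: assumes a stream of the codec's type always exists. */
void rx_unchecked(struct session *s, unsigned pt) {
    struct stream *st = s->streams[s->dynamic_pt[pt - 96]];
    st->rx_frames++; /* NULL dereference for PT 97 on the sample session */
}

/* Hardened shape: validate the payload number, then the stream pointer. */
enum rx_result rx_checked(struct session *s, unsigned pt) {
    if (pt < 96 || pt > 127) return RX_DROP_UNKNOWN_PT;
    int type = s->dynamic_pt[pt - 96];
    if (type < 0 || type >= MEDIA_TYPE_COUNT) return RX_DROP_UNKNOWN_PT;
    struct stream *st = s->streams[type];
    if (st == NULL) return RX_DROP_NO_STREAM; /* drop instead of crashing */
    st->rx_frames++;
    return RX_OK;
}

int main(void) {
    struct session s; struct stream audio;
    init_audio_only(&s, &audio);
    printf("pt 96 -> %d, pt 97 -> %d\n", rx_checked(&s, 96), rx_checked(&s, 97));
    return 0;
}
```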
Recommendations
For Asterisk versions 15.x through 15.2.1, update to a version that contains a fix for this issue to prevent potential crashes.
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Asterisk