PT-2014-7300 · Digium · Certified Asterisk+2
Philippe Lindheimer
·
Published
2014-11-26
·
Updated
2014-11-26
·
CVE-2014-6610
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Asterisk Open Source versions 11.x through 11.12.0
Asterisk Open Source versions 12.x through 12.4.0
Certified Asterisk versions 11.6 through 11.6-cert5
Description
The issue allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application when using the res fax spandsp module.
Recommendations
For Asterisk Open Source versions 11.x through 11.12.0, update to version 11.12.1 or later.
For Asterisk Open Source versions 12.x through 12.4.0, update to version 12.5.1 or later.
For Certified Asterisk versions 11.6 through 11.6-cert5, update to version 11.6-cert6 or later.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asterisk Open Source
Certified Asterisk
Res Fax Spandsp