PT-2018-11059 · Sangoma · Asterisk Open Source

Sean Bright +1 · Published 2018-06-12 · Updated 2024-08-15 · CVE-2018-12228

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Asterisk Open Source versions 15.x before 15.4.1

Description: An issue was discovered in Asterisk Open Source. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.

Recommendations: For Asterisk Open Source versions 15.x before 15.4.1, update to version 15.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the TCP/TLS connection to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration: Infinite Loop

Related Identifiers: CVE-2018-12228

Affected Products: Asterisk Open Source