PT-2018-14899 · Digium+1 · Asterisk+1

Jan Hoffmann

Published

2018-11-14

Updated

2019-06-29

CVE-2018-19278

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Digium Asterisk versions 15.x through 15.6.1 Digium Asterisk versions 16.x through 16.0.0

Description A buffer overflow issue exists in the DNS SRV and NAPTR lookups. This allows remote attackers to crash the system via a specially crafted DNS SRV or NAPTR response. The issue arises because a buffer size is supposed to match an expanded length but actually matches a compressed length.

Recommendations For Digium Asterisk versions 15.x through 15.6.1, update to version 15.6.2 or later. For Digium Asterisk versions 16.x through 16.0.0, update to version 16.0.1 or later.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2019-2182

CVE-2018-19278

Affected Products

Alt Linux

Asterisk

PT-2018-14899 · Digium+1 · Asterisk+1

CVE-2018-19278

Weakness Enumeration

Related Identifiers

Affected Products

References · 12