Asterisk Open Source CVE-2018-12228 Denial of Service Vulnerability

Bugtraq ID:	104457
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2018-12228
Remote:	Yes
Local:	No
Published:	Jun 11 2018 12:00AM
Updated:	Jun 11 2018 12:00AM
Credit:	Sean Bright
Vulnerable:	Asterisk Open Source 15.2.2 Asterisk Open Source 15.2.1 Asterisk Open Source 15.2 Asterisk Open Source 15.1.4 Asterisk Open Source 15.1.3 Asterisk Open Source 15.1.1 Asterisk Open Source 15.1 Asterisk Open Source 15.1.5 Asterisk Open Source 15.1.2
Not Vulnerable:	Asterisk Open Source 15.4.1

Asterisk Open Source CVE-2018-12228 Denial of Service Vulnerability

Asterisk Open Source is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition.

Asterisk Open Source 15.x prior to 15.4.1 are vulnerable.

Asterisk Open Source CVE-2018-12228 Denial of Service Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Asterisk Open Source CVE-2018-12228 Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Asterisk Open Source CVE-2018-12228 Denial of Service Vulnerability

References:

• Asterisk Homepage (Asterisk)
  
• iostreams: Potential DoS when client connection closed prematurely (Asterisk)
  
• Asterisk Project Security Advisory - AST-2018-007 (Asterisk)