Multiple Asterisk Products CVE-2018-17281 Remote Stack Overflow Vulnerability
BID:105389
CVE-2018-17281 |Info
Multiple Asterisk Products CVE-2018-17281 Remote Stack Overflow Vulnerability
| Bugtraq ID: | 105389 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2018-17281 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 20 2018 12:00AM |
| Updated: | Sep 20 2018 12:00AM |
| Credit: | Sean Bright |
| Vulnerable: |
Asterisk Open Source 15.4.1 Asterisk Open Source 15.2.2 Asterisk Open Source 15.2.1 Asterisk Open Source 15.2 Asterisk Open Source 15.1.4 Asterisk Open Source 15.1.3 Asterisk Open Source 15.1.1 Asterisk Open Source 15.1 Asterisk Open Source 14.7.7 Asterisk Open Source 14.7.6 Asterisk Open Source 14.7.4 Asterisk Open Source 14.7.3 Asterisk Open Source 14.7.1 Asterisk Open Source 14.6.1 Asterisk Open Source 14.4 Asterisk Open Source 14.3.1 Asterisk Open Source 14.2.1 Asterisk Open Source 14.2 Asterisk Open Source 13.21.1 Asterisk Open Source 13.19.2 Asterisk Open Source 13.18.4 Asterisk Open Source 13.18.3 Asterisk Open Source 13.18.1 Asterisk Open Source 13.17.1 Asterisk Open Source 13.15 Asterisk Open Source 13.14.1 Asterisk Open Source 13.13.1 Asterisk Open Source 13.13 Asterisk Open Source 13.12 Asterisk Open Source 15.1.5 Asterisk Open Source 15.1.2 Asterisk Open Source 14.7.5 Asterisk Open Source 14.7.2 Asterisk Open Source 14.0 Asterisk Open Source 13.18.5 Asterisk Open Source 13.18.2 Asterisk Open Source 13.13-cert7 Asterisk Open Source 13.0 Asterisk Certified Asterisk 13.21-cert2 Asterisk Certified Asterisk 13.21 |
| Not Vulnerable: |
Asterisk Open Source 15.6.1 Asterisk Open Source 14.7.8 Asterisk Open Source 13.23.1 Asterisk Certified Asterisk 13.21-cert3 |
Discussion
Multiple Asterisk Products CVE-2018-17281 Remote Stack Overflow Vulnerability
Multiple Asterisk Products are prone to a remote stack overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Attackers can exploit this issue to crash the application, resulting in denial-of-service conditions. Given the nature of this issue, the attacker may also be able to execute arbitrary code in the context of the affected application.
Multiple Asterisk Products are prone to a remote stack overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Attackers can exploit this issue to crash the application, resulting in denial-of-service conditions. Given the nature of this issue, the attacker may also be able to execute arbitrary code in the context of the affected application.
Solution / Fix
Multiple Asterisk Products CVE-2018-17281 Remote Stack Overflow Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.