Main Vulnerability Database Vulnerabilities #VU13261

#VU13261 Infinite loop in Asterisk Open Source

Published: June 12, 2018 / Updated: June 12, 2018

Vulnerability identifier: #VU13261

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-835

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Asterisk Open Source

Software vendor:
Digium (Linux Support Services)

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The vulnerability exists due to an error when processing malicious input. A remote attacker can send specially crafted data via TCP/TLS or abruptly disconnect to trigger an iostream read error and cause the target service to enter an infinite loop and become unusable.

Remediation

Update to version 15.4.1.

External links

http://downloads.asterisk.org/pub/security/AST-2018-007.html

#VU13261 Infinite loop in Asterisk Open Source

Description

Remediation

External links

Please verify you're human