Executive Summary

Informations
Name : CVE-2018-7284
First vendor Publication : 2018-02-21
Vendor : Cve
Last vendor Modification : 2019-03-01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score : 5
Cvss Impact Score : 2.9
Cvss Exploit Score : 10
Attack Range : Network
Attack Complexity : Low
Authentication : None Required

Detail

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.
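The bounded form of the pattern described above, as an added example that is not Asterisk's code: a collector that counts every Accept header but writes at most 32 values into its fixed array. The type and function names, the per-entry size and the sample SUBSCRIBE message are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define MAX_ACCEPT 32   /* the fixed limit named in the description */
#define MAX_VALUE  64   /* per-entry size: an assumption for this example */
struct accept_list {    /* hypothetical type, not Asterisk's own */
    char   formats[MAX_ACCEPT][MAX_VALUE];
    size_t stored;      /* values written into formats[] */
    size_t seen;        /* Accept headers present in the request */
};

/* Walk the CRLF-delimited headers; keep at most MAX_ACCEPT Accept values. */
static void collect_accept(const char *msg, struct accept_list *out) {
    memset(out, 0, sizeof(*out));
    for (const char *line = msg; *line; ) {
        const char *eol = strstr(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len == 0) break;                      /* blank line ends headers */
        if (len >= 7 && strncasecmp(line, "Accept:", 7) == 0) {
            const char *v = line + 7, *end = line + len;
            while (v < end && (*v == ' ' || *v == '\t')) v++;
            out->seen++;
            if (out->stored < MAX_ACCEPT)         /* bound check before the write */
                snprintf(out->formats[out->stored++], MAX_VALUE,
                         "%.*s", (int)(end - v), v);  /* truncates, terminates */
        }
        line = eol ? eol + 2 : line + len;
    }
}

/* Constructed SUBSCRIBE carrying n Accept headers, run through the collector. */
static struct accept_list demo(size_t n) {
    static char msg[4096];
    struct accept_list list;
    size_t off = (size_t)snprintf(msg, sizeof(msg),
        "SUBSCRIBE sip:1000@example.invalid SIP/2.0\r\nEvent: presence\r\n");
    for (size_t i = 0; i < n && off + 64 < sizeof(msg); i++)
        off += (size_t)snprintf(msg + off, sizeof(msg) - off,
                                "Accept: application/x-constructed-%zu\r\n", i);
    snprintf(msg + off, sizeof(msg) - off, "\r\n");
    collect_accept(msg, &list);
    return list;
}

int main(void) {
    struct accept_list l = demo(40);
    printf("seen=%zu stored=%zu\n", l.seen, l.stored);
    return 0;
}
```

Keeping `seen` separate from `stored` lets the caller log or reject a request that carries more Accept headers than the array holds.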

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284

CWE : Common Weakness Enumeration

100 % - CWE-119 : Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type : Application - Count : 905
Type : Application - Count : 222
Type : Os - Count : 1

Nessus® Vulnerability Scanner

2018-10-17 - Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4320.nasl - Type : ACT_GATHER_INFO
2018-03-02 - Name : A telephony application running on the remote host is affected by multiple vu...
File : asterisk_ast_2018_001-006.nasl - Type : ACT_GATHER_INFO
2018-03-02 - Name : A telephony application running on the remote host is affected by a Subscribe...
File : asterisk_ast_2018_002-005.nasl - Type : ACT_GATHER_INFO
2018-02-23 - Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_933654ce17b811e890b8001999f8d30b.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

BID : http://www.securityfocus.com/bid/103151
CONFIRM : http://downloads.asterisk.org/pub/security/AST-2018-004.html
DEBIAN : https://www.debian.org/security/2018/dsa-4320
EXPLOIT-DB : https://www.exploit-db.com/exploits/44184/
SECTRACK : http://www.securitytracker.com/id/1040416

Alert History

Date - Informations
2019-03-01 21:19:06
  • Multiple Updates
2018-12-21 12:09:28
  • Multiple Updates
2018-10-30 12:11:47
  • Multiple Updates
2018-10-17 17:19:43
  • Multiple Updates
2018-06-14 12:06:18
  • Multiple Updates
2018-03-19 21:19:51
  • Multiple Updates
2018-03-02 09:19:33
  • Multiple Updates
2018-02-28 09:20:26
  • Multiple Updates
2018-02-24 09:20:11
  • Multiple Updates
2018-02-22 05:18:52
  • First insertion