Skip to main content

Asterisk Two Denial of Service Vulnerabilities

Last Update Date: 10 Jan 2013 Release Date: 4 Jan 2013 5584 Views

RISK: High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Two vulnerabilities have been identified in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).

  1. An error when handling TCP sessions can be exploited to cause a stack overflow and crash the service.
  2. An error when handling device state caches can be exploited to consume excessive system resource.

Impact

  • Denial of Service

System / Technologies affected

  • Asterisk 1.x
  • Asterisk 10.x
  • Asterisk 11.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 1.8.19.1, 10.11.1, or 11.1.1.

Vulnerability Identifier


Source


Related Link