Published: 24/11/2014 Updated: 30/12/2014

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

ConfBridge in Asterisk 11.x prior to 11.14.1 and Certified Asterisk 11.6 prior to 11.6-cert8 does not properly handle state changes, which allows remote malicious users to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.

Vulnerable Product	Search on Vulmon	Subscribe to Product
digium asterisk
digium certified asterisk 11.6
digium certified asterisk 11.6.0

Debian Bug report logs - #771463 CVE-2014-8418 CVE-2014-8412 CVE-2014-8414 CVE-2014-8417 Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sat, 29 Nov 2014 21:36:01 UTC Severity: grave Tags: sec ...

Debian Bug report logs - #773230 asterisk: CVE-2014-9374 Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 15 Dec 2014 20:30:02 UTC Severity: important Tags: fixed-upstream, security, ...

CWE-399 http://downloads.asterisk.org/pub/security/AST-2014-014.html http://seclists.org/fulldisclosure/2014/Nov/67 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-8414

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect