There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk up to and including 13.23.0, 14.7.x up to and including 14.7.7, and 15.x up to and including 15.6.0 and Certified Asterisk up to and including 13.21-cert2. It allows an malicious user to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
digium asterisk |
||
digium certified asterisk 13.13 |
||
digium certified asterisk 13.1 |
||
digium certified asterisk 11.6 |
||
digium certified asterisk 13.21 |
||
digium certified asterisk 13.8 |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |