Published: 22/02/2018 Updated: 01/03/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

A Buffer Overflow issue exists in Asterisk up to and including 13.19.1, 14.x up to and including 14.7.5, and 15.x up to and including 15.2.1, and Certified Asterisk up to and including 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.

Vulnerable Product	Search on Vulmon	Subscribe to Product
digium asterisk
digium certified asterisk 13.18
digium certified asterisk
debian debian linux 9.0

Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service or information disclosure For the stable distribution (stretch), these problems have been fixed in version 1:13141~dfsg-2+deb9u4 We recommend that you upgrade your asterisk packages For the detailed securit ...

Debian Bug report logs - #891228 asterisk: CVE-2018-7286: AST-2018-005: Crash when large numbers of TCP connections are closed suddenly Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, ...

Debian Bug report logs - #909554 asterisk: CVE-2018-17281: Remote crash vulnerability in HTTP websocket upgrade Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 25 Sep 2018 05:27:01 UT ...

Debian Bug report logs - #891227 asterisk: CVE-2018-7284: AST-2018-004: Crash when receiving SUBSCRIBE request Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 23 Feb 2018 15:09:02 UTC ...

''' # SUBSCRIBE message with a large Accept value causes stack corruption - Authors: - Alfred Farrugia <alfred@enablesecuritycom> - Sandro Gauci <sandro@enablesecuritycom> - Latest vulnerable version: Asterisk 1520 running `chan_pjsip` - Tested vulnerable versions: 1520, 13190, 1475, 13112 - References: AST-2018- ...

Asterisk running chan_pjsip suffers from a SUBSCRIBE message stack corruption vulnerability Vulnerable versions include 1520, 13190, 1475, and 13112 ...

Tool to exploit CVE-2018-7284 and CVE-2018-19278

astDoS Tool to exploit CVE-2018-7284 and CVE-2018-19278 Usage This tool is used as a command astDoSpy [-h] [-a {1,2}] [-sA SERVER_IP] [-sP SERVER_PORT] [-u USER] [-p PASSWD] [-sub SUBUSER] [-dA DNS_IP] [-dP DNS_PORT] [-v [VERSION]] DoS attack against Astersisk, CVE-2018-7284 and CVE-2018-19278 optional arguments: -h, --help sho

CWE-119 http://downloads.asterisk.org/pub/security/AST-2018-004.html http://www.securitytracker.com/id/1040416 http://www.securityfocus.com/bid/103151 https://www.exploit-db.com/exploits/44184/https://www.debian.org/security/2018/dsa-4320 https://nvd.nist.gov https://www.debian.org/security/./dsa-4320 https://github.com/Rodrigo-D/astDoS https://www.exploit-db.com/exploits/44184/

CVE-2018-7284

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect