Published: 22/02/2018 Updated: 03/10/2019

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 405

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

An issue exists in Asterisk up to and including 13.19.1, 14.x up to and including 14.7.5, and 15.x up to and including 15.2.1, and Certified Asterisk up to and including 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.

Vulnerable Product	Search on Vulmon	Subscribe to Product
digium asterisk
digium asterisk 13.19.1
digium certified asterisk
debian debian linux 9.0

Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service or information disclosure For the stable distribution (stretch), these problems have been fixed in version 1:13141~dfsg-2+deb9u4 We recommend that you upgrade your asterisk packages For the detailed securit ...

Debian Bug report logs - #891228 asterisk: CVE-2018-7286: AST-2018-005: Crash when large numbers of TCP connections are closed suddenly Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, ...

Debian Bug report logs - #909554 asterisk: CVE-2018-17281: Remote crash vulnerability in HTTP websocket upgrade Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 25 Sep 2018 05:27:01 UT ...

Debian Bug report logs - #891227 asterisk: CVE-2018-7284: AST-2018-004: Crash when receiving SUBSCRIBE request Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 23 Feb 2018 15:09:02 UTC ...

''' # Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport - Authors: - Alfred Farrugia <alfred@enablesecuritycom> - Sandro Gauci <sandro@enablesecuritycom> - Latest vulnerable version: Asterisk 1520 running `chan_pjsip` installed with `--with-pjproject-bundled` - References: AST-2018-005 ...

Asterisk running chan_pjsip suffers from an INVITE message denial of service vulnerability Versions affected include Versions affected include 1520, 1510, 1500, 13190, 13112, and 1475 ...

NVD-CWE-noinfo https://issues.asterisk.org/jira/browse/ASTERISK-27618 http://downloads.asterisk.org/pub/security/AST-2018-005.html http://www.securitytracker.com/id/1040417 http://www.securityfocus.com/bid/103129 https://www.exploit-db.com/exploits/44181/https://www.debian.org/security/2018/dsa-4320 https://nvd.nist.gov https://www.debian.org/security/./dsa-4320 https://www.exploit-db.com/exploits/44181/

CVE-2018-7286

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect