Computer Security
[EN] securityvulns.ru no-pyccku


Asterisk DoS
updated since 13.01.2015
Published:02.02.2015
Source:
SecurityVulns ID:14197
Type:remote
Threat Level:
5/10
Description:Crash on empty WebSocket frame. File descriptor leak on incompatible codecs.
Affected:ASTERISK : Asterisk 13.0
CVE:CVE-2014-9374 (Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.)
Original documentdocumentASTERISK, AST-2015-001: File descriptor leak when incompatible codecs are offered (02.02.2015)
 documentMANDRIVA, [ MDVSA-2015:018 ] asterisk (13.01.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod