Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-9374

Опубликовано: 12 дек. 2014
Источник: nvd
CVSS2: 5
EPSS Средний

Описание

Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.

Комментарий

CWE-415: Double Free

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*
cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.2.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.8.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.1.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.6.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.7.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:12.7.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 98%
0.49122
Средний

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2014-9374

ubuntu
около 11 лет назад

Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.

debian логотип

CVE-2014-9374

debian
около 11 лет назад

Double free vulnerability in the WebSocket Server (res_http_websocket ...

github логотип

GHSA-4g26-4jfh-95vh

github
больше 3 лет назад

Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.

EPSS

Процентиль: 98%
0.49122
Средний

5 Medium

CVSS2

Дефекты

NVD-CWE-Other